1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD$ 22 */ 23 24#include <sys/param.h> 25 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29 30#include <sys/systm.h> 31#include <sys/kernel.h> 32#include <sys/module.h> 33#include <sys/sockio.h> 34#include <sys/socket.h> 35#include <sys/syslog.h> 36#include <sys/random.h> 37#include <sys/malloc.h> 38#include <sys/mbuf.h> 39 40#include <sys/md5.h> 41 42#include <net/if.h> 43#include <net/netisr.h> 44#include <net/if_types.h> 45#include <net/route.h> 46#include <net/vnet.h> 47#include <netinet/in.h> 48#include <netinet/in_systm.h> 49#include <netinet/ip.h> 50#include <net/slcompress.h> 51 52#include <machine/stdarg.h> 53 54#include <netinet/in_var.h> 55 56#ifdef INET 57#include <netinet/ip.h> 58#include <netinet/tcp.h> 59#endif 60 61#ifdef INET6 62#include <netinet6/scope6_var.h> 63#endif 64 65#include <netinet/if_ether.h> 66 67#ifdef IPX 68#include <netipx/ipx.h> 69#include <netipx/ipx_if.h> 70#endif 71 72#include <net/if_sppp.h> 73 74#define IOCTL_CMD_T u_long 75#define MAXALIVECNT 3 /* max. alive packets */ 76 77/* 78 * Interface flags that can be set in an ifconfig command. 79 * 80 * Setting link0 will make the link passive, i.e. it will be marked 81 * as being administrative openable, but won't be opened to begin 82 * with. Incoming calls will be answered, or subsequent calls with 83 * -link1 will cause the administrative open of the LCP layer. 84 * 85 * Setting link1 will cause the link to auto-dial only as packets 86 * arrive to be sent. 87 * 88 * Setting IFF_DEBUG will syslog the option negotiation and state 89 * transitions at level kern.debug. Note: all logs consistently look 90 * like 91 * 92 * <if-name><unit>: <proto-name> <additional info...> 93 * 94 * with <if-name><unit> being something like "bppp0", and <proto-name> 95 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 96 */ 97 98#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 99#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 100#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 101 102#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 103#define PPP_UI 0x03 /* Unnumbered Information */ 104#define PPP_IP 0x0021 /* Internet Protocol */ 105#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 106#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 107#define PPP_IPX 0x002b /* Novell IPX Protocol */ 108#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 109#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 110#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 111#define PPP_LCP 0xc021 /* Link Control Protocol */ 112#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 113#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 114#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 115#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 116 117#define CONF_REQ 1 /* PPP configure request */ 118#define CONF_ACK 2 /* PPP configure acknowledge */ 119#define CONF_NAK 3 /* PPP configure negative ack */ 120#define CONF_REJ 4 /* PPP configure reject */ 121#define TERM_REQ 5 /* PPP terminate request */ 122#define TERM_ACK 6 /* PPP terminate acknowledge */ 123#define CODE_REJ 7 /* PPP code reject */ 124#define PROTO_REJ 8 /* PPP protocol reject */ 125#define ECHO_REQ 9 /* PPP echo request */ 126#define ECHO_REPLY 10 /* PPP echo reply */ 127#define DISC_REQ 11 /* PPP discard request */ 128 129#define LCP_OPT_MRU 1 /* maximum receive unit */ 130#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 131#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 132#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 133#define LCP_OPT_MAGIC 5 /* magic number */ 134#define LCP_OPT_RESERVED 6 /* reserved */ 135#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 136#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 137 138#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 139#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 140#define IPCP_OPT_ADDRESS 3 /* local IP address */ 141 142#define IPV6CP_OPT_IFID 1 /* interface identifier */ 143#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 144 145#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 146 147#define PAP_REQ 1 /* PAP name/password request */ 148#define PAP_ACK 2 /* PAP acknowledge */ 149#define PAP_NAK 3 /* PAP fail */ 150 151#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 152#define CHAP_RESPONSE 2 /* CHAP challenge response */ 153#define CHAP_SUCCESS 3 /* CHAP response ok */ 154#define CHAP_FAILURE 4 /* CHAP response failed */ 155 156#define CHAP_MD5 5 /* hash algorithm - MD5 */ 157 158#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 159#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 160#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 161#define CISCO_ADDR_REQ 0 /* Cisco address request */ 162#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 163#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 164 165/* states are named and numbered according to RFC 1661 */ 166#define STATE_INITIAL 0 167#define STATE_STARTING 1 168#define STATE_CLOSED 2 169#define STATE_STOPPED 3 170#define STATE_CLOSING 4 171#define STATE_STOPPING 5 172#define STATE_REQ_SENT 6 173#define STATE_ACK_RCVD 7 174#define STATE_ACK_SENT 8 175#define STATE_OPENED 9 176 177static MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 178 179struct ppp_header { 180 u_char address; 181 u_char control; 182 u_short protocol; 183} __packed; 184#define PPP_HEADER_LEN sizeof (struct ppp_header) 185 186struct lcp_header { 187 u_char type; 188 u_char ident; 189 u_short len; 190} __packed; 191#define LCP_HEADER_LEN sizeof (struct lcp_header) 192 193struct cisco_packet { 194 u_long type; 195 u_long par1; 196 u_long par2; 197 u_short rel; 198 u_short time0; 199 u_short time1; 200} __packed; 201#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 202 203/* 204 * We follow the spelling and capitalization of RFC 1661 here, to make 205 * it easier comparing with the standard. Please refer to this RFC in 206 * case you can't make sense out of these abbreviation; it will also 207 * explain the semantics related to the various events and actions. 208 */ 209struct cp { 210 u_short proto; /* PPP control protocol number */ 211 u_char protoidx; /* index into state table in struct sppp */ 212 u_char flags; 213#define CP_LCP 0x01 /* this is the LCP */ 214#define CP_AUTH 0x02 /* this is an authentication protocol */ 215#define CP_NCP 0x04 /* this is a NCP */ 216#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 217 const char *name; /* name of this control protocol */ 218 /* event handlers */ 219 void (*Up)(struct sppp *sp); 220 void (*Down)(struct sppp *sp); 221 void (*Open)(struct sppp *sp); 222 void (*Close)(struct sppp *sp); 223 void (*TO)(void *sp); 224 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 225 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 226 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 227 /* actions */ 228 void (*tlu)(struct sppp *sp); 229 void (*tld)(struct sppp *sp); 230 void (*tls)(struct sppp *sp); 231 void (*tlf)(struct sppp *sp); 232 void (*scr)(struct sppp *sp); 233}; 234 235#define SPP_FMT "%s: " 236#define SPP_ARGS(ifp) (ifp)->if_xname 237 238#define SPPP_LOCK(sp) mtx_lock (&(sp)->mtx) 239#define SPPP_UNLOCK(sp) mtx_unlock (&(sp)->mtx) 240#define SPPP_LOCK_ASSERT(sp) mtx_assert (&(sp)->mtx, MA_OWNED) 241#define SPPP_LOCK_OWNED(sp) mtx_owned (&(sp)->mtx) 242 243#ifdef INET 244/* 245 * The following disgusting hack gets around the problem that IP TOS 246 * can't be set yet. We want to put "interactive" traffic on a high 247 * priority queue. To decide if traffic is interactive, we check that 248 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 249 * 250 * XXX is this really still necessary? - joerg - 251 */ 252static const u_short interactive_ports[8] = { 253 0, 513, 0, 0, 254 0, 21, 0, 23, 255}; 256#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 257#endif 258 259/* almost every function needs these */ 260#define STDDCL \ 261 struct ifnet *ifp = SP2IFP(sp); \ 262 int debug = ifp->if_flags & IFF_DEBUG 263 264static int sppp_output(struct ifnet *ifp, struct mbuf *m, 265 const struct sockaddr *dst, struct route *ro); 266 267static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 268static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 269 270static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 271 struct mbuf *m); 272static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 273 u_char ident, u_short len, void *data); 274/* static void sppp_cp_timeout(void *arg); */ 275static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 276 int newstate); 277static void sppp_auth_send(const struct cp *cp, 278 struct sppp *sp, unsigned int type, unsigned int id, 279 ...); 280 281static void sppp_up_event(const struct cp *cp, struct sppp *sp); 282static void sppp_down_event(const struct cp *cp, struct sppp *sp); 283static void sppp_open_event(const struct cp *cp, struct sppp *sp); 284static void sppp_close_event(const struct cp *cp, struct sppp *sp); 285static void sppp_to_event(const struct cp *cp, struct sppp *sp); 286 287static void sppp_null(struct sppp *sp); 288 289static void sppp_pp_up(struct sppp *sp); 290static void sppp_pp_down(struct sppp *sp); 291 292static void sppp_lcp_init(struct sppp *sp); 293static void sppp_lcp_up(struct sppp *sp); 294static void sppp_lcp_down(struct sppp *sp); 295static void sppp_lcp_open(struct sppp *sp); 296static void sppp_lcp_close(struct sppp *sp); 297static void sppp_lcp_TO(void *sp); 298static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 299static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 300static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 301static void sppp_lcp_tlu(struct sppp *sp); 302static void sppp_lcp_tld(struct sppp *sp); 303static void sppp_lcp_tls(struct sppp *sp); 304static void sppp_lcp_tlf(struct sppp *sp); 305static void sppp_lcp_scr(struct sppp *sp); 306static void sppp_lcp_check_and_close(struct sppp *sp); 307static int sppp_ncp_check(struct sppp *sp); 308 309static void sppp_ipcp_init(struct sppp *sp); 310static void sppp_ipcp_up(struct sppp *sp); 311static void sppp_ipcp_down(struct sppp *sp); 312static void sppp_ipcp_open(struct sppp *sp); 313static void sppp_ipcp_close(struct sppp *sp); 314static void sppp_ipcp_TO(void *sp); 315static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 316static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 317static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 318static void sppp_ipcp_tlu(struct sppp *sp); 319static void sppp_ipcp_tld(struct sppp *sp); 320static void sppp_ipcp_tls(struct sppp *sp); 321static void sppp_ipcp_tlf(struct sppp *sp); 322static void sppp_ipcp_scr(struct sppp *sp); 323 324static void sppp_ipv6cp_init(struct sppp *sp); 325static void sppp_ipv6cp_up(struct sppp *sp); 326static void sppp_ipv6cp_down(struct sppp *sp); 327static void sppp_ipv6cp_open(struct sppp *sp); 328static void sppp_ipv6cp_close(struct sppp *sp); 329static void sppp_ipv6cp_TO(void *sp); 330static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 331static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 332static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 333static void sppp_ipv6cp_tlu(struct sppp *sp); 334static void sppp_ipv6cp_tld(struct sppp *sp); 335static void sppp_ipv6cp_tls(struct sppp *sp); 336static void sppp_ipv6cp_tlf(struct sppp *sp); 337static void sppp_ipv6cp_scr(struct sppp *sp); 338 339static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 340static void sppp_pap_init(struct sppp *sp); 341static void sppp_pap_open(struct sppp *sp); 342static void sppp_pap_close(struct sppp *sp); 343static void sppp_pap_TO(void *sp); 344static void sppp_pap_my_TO(void *sp); 345static void sppp_pap_tlu(struct sppp *sp); 346static void sppp_pap_tld(struct sppp *sp); 347static void sppp_pap_scr(struct sppp *sp); 348 349static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 350static void sppp_chap_init(struct sppp *sp); 351static void sppp_chap_open(struct sppp *sp); 352static void sppp_chap_close(struct sppp *sp); 353static void sppp_chap_TO(void *sp); 354static void sppp_chap_tlu(struct sppp *sp); 355static void sppp_chap_tld(struct sppp *sp); 356static void sppp_chap_scr(struct sppp *sp); 357 358static const char *sppp_auth_type_name(u_short proto, u_char type); 359static const char *sppp_cp_type_name(u_char type); 360#ifdef INET 361static const char *sppp_dotted_quad(u_long addr); 362static const char *sppp_ipcp_opt_name(u_char opt); 363#endif 364#ifdef INET6 365static const char *sppp_ipv6cp_opt_name(u_char opt); 366#endif 367static const char *sppp_lcp_opt_name(u_char opt); 368static const char *sppp_phase_name(enum ppp_phase phase); 369static const char *sppp_proto_name(u_short proto); 370static const char *sppp_state_name(int state); 371static int sppp_params(struct sppp *sp, u_long cmd, void *data); 372static int sppp_strnlen(u_char *p, int max); 373static void sppp_keepalive(void *dummy); 374static void sppp_phase_network(struct sppp *sp); 375static void sppp_print_bytes(const u_char *p, u_short len); 376static void sppp_print_string(const char *p, u_short len); 377static void sppp_qflush(struct ifqueue *ifq); 378#ifdef INET 379static void sppp_set_ip_addr(struct sppp *sp, u_long src); 380#endif 381#ifdef INET6 382static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 383 struct in6_addr *dst, struct in6_addr *srcmask); 384#ifdef IPV6CP_MYIFID_DYN 385static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 386static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 387#endif 388static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 389#endif 390 391/* if_start () wrapper */ 392static void sppp_ifstart (struct ifnet *ifp); 393 394/* our control protocol descriptors */ 395static const struct cp lcp = { 396 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 397 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 398 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 399 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 400 sppp_lcp_scr 401}; 402 403static const struct cp ipcp = { 404 PPP_IPCP, IDX_IPCP, 405#ifdef INET /* don't run IPCP if there's no IPv4 support */ 406 CP_NCP, 407#else 408 0, 409#endif 410 "ipcp", 411 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 412 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 413 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 414 sppp_ipcp_scr 415}; 416 417static const struct cp ipv6cp = { 418 PPP_IPV6CP, IDX_IPV6CP, 419#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 420 CP_NCP, 421#else 422 0, 423#endif 424 "ipv6cp", 425 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 426 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 427 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 428 sppp_ipv6cp_scr 429}; 430 431static const struct cp pap = { 432 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 433 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 434 sppp_pap_TO, 0, 0, 0, 435 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 436 sppp_pap_scr 437}; 438 439static const struct cp chap = { 440 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 441 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 442 sppp_chap_TO, 0, 0, 0, 443 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 444 sppp_chap_scr 445}; 446 447static const struct cp *cps[IDX_COUNT] = { 448 &lcp, /* IDX_LCP */ 449 &ipcp, /* IDX_IPCP */ 450 &ipv6cp, /* IDX_IPV6CP */ 451 &pap, /* IDX_PAP */ 452 &chap, /* IDX_CHAP */ 453}; 454 455static void* 456sppp_alloc(u_char type, struct ifnet *ifp) 457{ 458 struct sppp *sp; 459 460 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 461 sp->pp_ifp = ifp; 462 463 return (sp); 464} 465 466static void 467sppp_free(void *com, u_char type) 468{ 469 470 free(com, M_SPPP); 471} 472 473static int 474sppp_modevent(module_t mod, int type, void *unused) 475{ 476 switch (type) { 477 case MOD_LOAD: 478 /* 479 * XXX: should probably be IFT_SPPP, but it's fairly 480 * harmless to allocate struct sppp's for non-sppp 481 * interfaces. 482 */ 483 484 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 485 break; 486 case MOD_UNLOAD: 487 /* if_deregister_com_alloc(IFT_PPP); */ 488 return EACCES; 489 default: 490 return EOPNOTSUPP; 491 } 492 return 0; 493} 494static moduledata_t spppmod = { 495 "sppp", 496 sppp_modevent, 497 0 498}; 499MODULE_VERSION(sppp, 1); 500DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 501 502/* 503 * Exported functions, comprising our interface to the lower layer. 504 */ 505 506/* 507 * Process the received packet. 508 */ 509void 510sppp_input(struct ifnet *ifp, struct mbuf *m) 511{ 512 struct ppp_header *h; 513 int isr = -1; 514 struct sppp *sp = IFP2SP(ifp); 515 int debug, do_account = 0; 516#ifdef INET 517 int hlen, vjlen; 518 u_char *iphdr; 519#endif 520 521 SPPP_LOCK(sp); 522 debug = ifp->if_flags & IFF_DEBUG; 523 524 if (ifp->if_flags & IFF_UP) 525 /* Count received bytes, add FCS and one flag */ 526 ifp->if_ibytes += m->m_pkthdr.len + 3; 527 528 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 529 /* Too small packet, drop it. */ 530 if (debug) 531 log(LOG_DEBUG, 532 SPP_FMT "input packet is too small, %d bytes\n", 533 SPP_ARGS(ifp), m->m_pkthdr.len); 534 drop: 535 m_freem (m); 536 SPPP_UNLOCK(sp); 537 drop2: 538 ++ifp->if_ierrors; 539 ++ifp->if_iqdrops; 540 return; 541 } 542 543 if (sp->pp_mode == PP_FR) { 544 sppp_fr_input (sp, m); 545 SPPP_UNLOCK(sp); 546 return; 547 } 548 549 /* Get PPP header. */ 550 h = mtod (m, struct ppp_header*); 551 m_adj (m, PPP_HEADER_LEN); 552 553 switch (h->address) { 554 case PPP_ALLSTATIONS: 555 if (h->control != PPP_UI) 556 goto invalid; 557 if (sp->pp_mode == IFF_CISCO) { 558 if (debug) 559 log(LOG_DEBUG, 560 SPP_FMT "PPP packet in Cisco mode " 561 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 562 SPP_ARGS(ifp), 563 h->address, h->control, ntohs(h->protocol)); 564 goto drop; 565 } 566 switch (ntohs (h->protocol)) { 567 default: 568 if (debug) 569 log(LOG_DEBUG, 570 SPP_FMT "rejecting protocol " 571 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 572 SPP_ARGS(ifp), 573 h->address, h->control, ntohs(h->protocol)); 574 if (sp->state[IDX_LCP] == STATE_OPENED) 575 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 576 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 577 &h->protocol); 578 ++ifp->if_noproto; 579 goto drop; 580 case PPP_LCP: 581 sppp_cp_input(&lcp, sp, m); 582 m_freem (m); 583 SPPP_UNLOCK(sp); 584 return; 585 case PPP_PAP: 586 if (sp->pp_phase >= PHASE_AUTHENTICATE) 587 sppp_pap_input(sp, m); 588 m_freem (m); 589 SPPP_UNLOCK(sp); 590 return; 591 case PPP_CHAP: 592 if (sp->pp_phase >= PHASE_AUTHENTICATE) 593 sppp_chap_input(sp, m); 594 m_freem (m); 595 SPPP_UNLOCK(sp); 596 return; 597#ifdef INET 598 case PPP_IPCP: 599 if (sp->pp_phase == PHASE_NETWORK) 600 sppp_cp_input(&ipcp, sp, m); 601 m_freem (m); 602 SPPP_UNLOCK(sp); 603 return; 604 case PPP_IP: 605 if (sp->state[IDX_IPCP] == STATE_OPENED) { 606 isr = NETISR_IP; 607 } 608 do_account++; 609 break; 610 case PPP_VJ_COMP: 611 if (sp->state[IDX_IPCP] == STATE_OPENED) { 612 if ((vjlen = 613 sl_uncompress_tcp_core(mtod(m, u_char *), 614 m->m_len, m->m_len, 615 TYPE_COMPRESSED_TCP, 616 sp->pp_comp, 617 &iphdr, &hlen)) <= 0) { 618 if (debug) 619 log(LOG_INFO, 620 SPP_FMT "VJ uncompress failed on compressed packet\n", 621 SPP_ARGS(ifp)); 622 goto drop; 623 } 624 625 /* 626 * Trim the VJ header off the packet, and prepend 627 * the uncompressed IP header (which will usually 628 * end up in two chained mbufs since there's not 629 * enough leading space in the existing mbuf). 630 */ 631 m_adj(m, vjlen); 632 M_PREPEND(m, hlen, M_NOWAIT); 633 if (m == NULL) { 634 SPPP_UNLOCK(sp); 635 goto drop2; 636 } 637 bcopy(iphdr, mtod(m, u_char *), hlen); 638 isr = NETISR_IP; 639 } 640 do_account++; 641 break; 642 case PPP_VJ_UCOMP: 643 if (sp->state[IDX_IPCP] == STATE_OPENED) { 644 if (sl_uncompress_tcp_core(mtod(m, u_char *), 645 m->m_len, m->m_len, 646 TYPE_UNCOMPRESSED_TCP, 647 sp->pp_comp, 648 &iphdr, &hlen) != 0) { 649 if (debug) 650 log(LOG_INFO, 651 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 652 SPP_ARGS(ifp)); 653 goto drop; 654 } 655 isr = NETISR_IP; 656 } 657 do_account++; 658 break; 659#endif 660#ifdef INET6 661 case PPP_IPV6CP: 662 if (sp->pp_phase == PHASE_NETWORK) 663 sppp_cp_input(&ipv6cp, sp, m); 664 m_freem (m); 665 SPPP_UNLOCK(sp); 666 return; 667 668 case PPP_IPV6: 669 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 670 isr = NETISR_IPV6; 671 do_account++; 672 break; 673#endif 674#ifdef IPX 675 case PPP_IPX: 676 /* IPX IPXCP not implemented yet */ 677 if (sp->pp_phase == PHASE_NETWORK) 678 isr = NETISR_IPX; 679 do_account++; 680 break; 681#endif 682 } 683 break; 684 case CISCO_MULTICAST: 685 case CISCO_UNICAST: 686 /* Don't check the control field here (RFC 1547). */ 687 if (sp->pp_mode != IFF_CISCO) { 688 if (debug) 689 log(LOG_DEBUG, 690 SPP_FMT "Cisco packet in PPP mode " 691 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 692 SPP_ARGS(ifp), 693 h->address, h->control, ntohs(h->protocol)); 694 goto drop; 695 } 696 switch (ntohs (h->protocol)) { 697 default: 698 ++ifp->if_noproto; 699 goto invalid; 700 case CISCO_KEEPALIVE: 701 sppp_cisco_input (sp, m); 702 m_freem (m); 703 SPPP_UNLOCK(sp); 704 return; 705#ifdef INET 706 case ETHERTYPE_IP: 707 isr = NETISR_IP; 708 do_account++; 709 break; 710#endif 711#ifdef INET6 712 case ETHERTYPE_IPV6: 713 isr = NETISR_IPV6; 714 do_account++; 715 break; 716#endif 717#ifdef IPX 718 case ETHERTYPE_IPX: 719 isr = NETISR_IPX; 720 do_account++; 721 break; 722#endif 723 } 724 break; 725 default: /* Invalid PPP packet. */ 726 invalid: 727 if (debug) 728 log(LOG_DEBUG, 729 SPP_FMT "invalid input packet " 730 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 731 SPP_ARGS(ifp), 732 h->address, h->control, ntohs(h->protocol)); 733 goto drop; 734 } 735 736 if (! (ifp->if_flags & IFF_UP) || isr == -1) 737 goto drop; 738 739 SPPP_UNLOCK(sp); 740 M_SETFIB(m, ifp->if_fib); 741 /* Check queue. */ 742 if (netisr_queue(isr, m)) { /* (0) on success. */ 743 if (debug) 744 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 745 SPP_ARGS(ifp)); 746 goto drop2; 747 } 748 749 if (do_account) 750 /* 751 * Do only account for network packets, not for control 752 * packets. This is used by some subsystems to detect 753 * idle lines. 754 */ 755 sp->pp_last_recv = time_uptime; 756} 757 758static void 759sppp_ifstart_sched(void *dummy) 760{ 761 struct sppp *sp = dummy; 762 763 sp->if_start(SP2IFP(sp)); 764} 765 766/* if_start () wrapper function. We use it to schedule real if_start () for 767 * execution. We can't call it directly 768 */ 769static void 770sppp_ifstart(struct ifnet *ifp) 771{ 772 struct sppp *sp = IFP2SP(ifp); 773 774 if (SPPP_LOCK_OWNED(sp)) { 775 if (callout_pending(&sp->ifstart_callout)) 776 return; 777 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 778 (void *)sp); 779 } else { 780 sp->if_start(ifp); 781 } 782} 783 784/* 785 * Enqueue transmit packet. 786 */ 787static int 788sppp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 789 struct route *ro) 790{ 791 struct sppp *sp = IFP2SP(ifp); 792 struct ppp_header *h; 793 struct ifqueue *ifq = NULL; 794 int error, rv = 0; 795#ifdef INET 796 int ipproto = PPP_IP; 797#endif 798 int debug = ifp->if_flags & IFF_DEBUG; 799 800 SPPP_LOCK(sp); 801 802 if (!(ifp->if_flags & IFF_UP) || 803 (!(ifp->if_flags & IFF_AUTO) && 804 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 805#ifdef INET6 806 drop: 807#endif 808 m_freem (m); 809 SPPP_UNLOCK(sp); 810 return (ENETDOWN); 811 } 812 813 if ((ifp->if_flags & IFF_AUTO) && 814 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 815#ifdef INET6 816 /* 817 * XXX 818 * 819 * Hack to prevent the initialization-time generated 820 * IPv6 multicast packet to erroneously cause a 821 * dialout event in case IPv6 has been 822 * administratively disabled on that interface. 823 */ 824 if (dst->sa_family == AF_INET6 && 825 !(sp->confflags & CONF_ENABLE_IPV6)) 826 goto drop; 827#endif 828 /* 829 * Interface is not yet running, but auto-dial. Need 830 * to start LCP for it. 831 */ 832 ifp->if_drv_flags |= IFF_DRV_RUNNING; 833 lcp.Open(sp); 834 } 835 836#ifdef INET 837 if (dst->sa_family == AF_INET) { 838 /* XXX Check mbuf length here? */ 839 struct ip *ip = mtod (m, struct ip*); 840 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 841 842 /* 843 * When using dynamic local IP address assignment by using 844 * 0.0.0.0 as a local address, the first TCP session will 845 * not connect because the local TCP checksum is computed 846 * using 0.0.0.0 which will later become our real IP address 847 * so the TCP checksum computed at the remote end will 848 * become invalid. So we 849 * - don't let packets with src ip addr 0 thru 850 * - we flag TCP packets with src ip 0 as an error 851 */ 852 853 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 854 { 855 m_freem(m); 856 SPPP_UNLOCK(sp); 857 if(ip->ip_p == IPPROTO_TCP) 858 return(EADDRNOTAVAIL); 859 else 860 return(0); 861 } 862 863 /* 864 * Put low delay, telnet, rlogin and ftp control packets 865 * in front of the queue or let ALTQ take care. 866 */ 867 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 868 ; 869 else if (_IF_QFULL(&sp->pp_fastq)) 870 ; 871 else if (ip->ip_tos & IPTOS_LOWDELAY) 872 ifq = &sp->pp_fastq; 873 else if (m->m_len < sizeof *ip + sizeof *tcp) 874 ; 875 else if (ip->ip_p != IPPROTO_TCP) 876 ; 877 else if (INTERACTIVE (ntohs (tcp->th_sport))) 878 ifq = &sp->pp_fastq; 879 else if (INTERACTIVE (ntohs (tcp->th_dport))) 880 ifq = &sp->pp_fastq; 881 882 /* 883 * Do IP Header compression 884 */ 885 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 886 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 887 switch (sl_compress_tcp(m, ip, sp->pp_comp, 888 sp->ipcp.compress_cid)) { 889 case TYPE_COMPRESSED_TCP: 890 ipproto = PPP_VJ_COMP; 891 break; 892 case TYPE_UNCOMPRESSED_TCP: 893 ipproto = PPP_VJ_UCOMP; 894 break; 895 case TYPE_IP: 896 ipproto = PPP_IP; 897 break; 898 default: 899 m_freem(m); 900 SPPP_UNLOCK(sp); 901 return (EINVAL); 902 } 903 } 904#endif 905 906#ifdef INET6 907 if (dst->sa_family == AF_INET6) { 908 /* XXX do something tricky here? */ 909 } 910#endif 911 912 if (sp->pp_mode == PP_FR) { 913 /* Add frame relay header. */ 914 m = sppp_fr_header (sp, m, dst->sa_family); 915 if (! m) 916 goto nobufs; 917 goto out; 918 } 919 920 /* 921 * Prepend general data packet PPP header. For now, IP only. 922 */ 923 M_PREPEND (m, PPP_HEADER_LEN, M_NOWAIT); 924 if (! m) { 925nobufs: if (debug) 926 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 927 SPP_ARGS(ifp)); 928 ++ifp->if_oerrors; 929 SPPP_UNLOCK(sp); 930 return (ENOBUFS); 931 } 932 /* 933 * May want to check size of packet 934 * (albeit due to the implementation it's always enough) 935 */ 936 h = mtod (m, struct ppp_header*); 937 if (sp->pp_mode == IFF_CISCO) { 938 h->address = CISCO_UNICAST; /* unicast address */ 939 h->control = 0; 940 } else { 941 h->address = PPP_ALLSTATIONS; /* broadcast address */ 942 h->control = PPP_UI; /* Unnumbered Info */ 943 } 944 945 switch (dst->sa_family) { 946#ifdef INET 947 case AF_INET: /* Internet Protocol */ 948 if (sp->pp_mode == IFF_CISCO) 949 h->protocol = htons (ETHERTYPE_IP); 950 else { 951 /* 952 * Don't choke with an ENETDOWN early. It's 953 * possible that we just started dialing out, 954 * so don't drop the packet immediately. If 955 * we notice that we run out of buffer space 956 * below, we will however remember that we are 957 * not ready to carry IP packets, and return 958 * ENETDOWN, as opposed to ENOBUFS. 959 */ 960 h->protocol = htons(ipproto); 961 if (sp->state[IDX_IPCP] != STATE_OPENED) 962 rv = ENETDOWN; 963 } 964 break; 965#endif 966#ifdef INET6 967 case AF_INET6: /* Internet Protocol */ 968 if (sp->pp_mode == IFF_CISCO) 969 h->protocol = htons (ETHERTYPE_IPV6); 970 else { 971 /* 972 * Don't choke with an ENETDOWN early. It's 973 * possible that we just started dialing out, 974 * so don't drop the packet immediately. If 975 * we notice that we run out of buffer space 976 * below, we will however remember that we are 977 * not ready to carry IP packets, and return 978 * ENETDOWN, as opposed to ENOBUFS. 979 */ 980 h->protocol = htons(PPP_IPV6); 981 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 982 rv = ENETDOWN; 983 } 984 break; 985#endif 986#ifdef IPX 987 case AF_IPX: /* Novell IPX Protocol */ 988 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 989 ETHERTYPE_IPX : PPP_IPX); 990 break; 991#endif 992 default: 993 m_freem (m); 994 ++ifp->if_oerrors; 995 SPPP_UNLOCK(sp); 996 return (EAFNOSUPPORT); 997 } 998 999 /* 1000 * Queue message on interface, and start output if interface 1001 * not yet active. 1002 */ 1003out: 1004 if (ifq != NULL) 1005 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1006 else 1007 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1008 if (error) { 1009 ++ifp->if_oerrors; 1010 SPPP_UNLOCK(sp); 1011 return (rv? rv: ENOBUFS); 1012 } 1013 SPPP_UNLOCK(sp); 1014 /* 1015 * Unlike in sppp_input(), we can always bump the timestamp 1016 * here since sppp_output() is only called on behalf of 1017 * network-layer traffic; control-layer traffic is handled 1018 * by sppp_cp_send(). 1019 */ 1020 sp->pp_last_sent = time_uptime; 1021 return (0); 1022} 1023 1024void 1025sppp_attach(struct ifnet *ifp) 1026{ 1027 struct sppp *sp = IFP2SP(ifp); 1028 1029 /* Initialize mtx lock */ 1030 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1031 1032 /* Initialize keepalive handler. */ 1033 callout_init(&sp->keepalive_callout, CALLOUT_MPSAFE); 1034 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1035 (void *)sp); 1036 1037 ifp->if_mtu = PP_MTU; 1038 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1039 ifp->if_output = sppp_output; 1040#if 0 1041 sp->pp_flags = PP_KEEPALIVE; 1042#endif 1043 ifp->if_snd.ifq_maxlen = 32; 1044 sp->pp_fastq.ifq_maxlen = 32; 1045 sp->pp_cpq.ifq_maxlen = 20; 1046 sp->pp_loopcnt = 0; 1047 sp->pp_alivecnt = 0; 1048 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1049 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1050 sp->pp_phase = PHASE_DEAD; 1051 sp->pp_up = sppp_pp_up; 1052 sp->pp_down = sppp_pp_down; 1053 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1054 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1055 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1056 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1057 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1058 sp->confflags = 0; 1059#ifdef INET 1060 sp->confflags |= CONF_ENABLE_VJ; 1061#endif 1062#ifdef INET6 1063 sp->confflags |= CONF_ENABLE_IPV6; 1064#endif 1065 callout_init(&sp->ifstart_callout, CALLOUT_MPSAFE); 1066 sp->if_start = ifp->if_start; 1067 ifp->if_start = sppp_ifstart; 1068 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1069 sl_compress_init(sp->pp_comp, -1); 1070 sppp_lcp_init(sp); 1071 sppp_ipcp_init(sp); 1072 sppp_ipv6cp_init(sp); 1073 sppp_pap_init(sp); 1074 sppp_chap_init(sp); 1075} 1076 1077void 1078sppp_detach(struct ifnet *ifp) 1079{ 1080 struct sppp *sp = IFP2SP(ifp); 1081 int i; 1082 1083 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1084 1085 /* Stop keepalive handler. */ 1086 if (!callout_drain(&sp->keepalive_callout)) 1087 callout_stop(&sp->keepalive_callout); 1088 1089 for (i = 0; i < IDX_COUNT; i++) { 1090 if (!callout_drain(&sp->ch[i])) 1091 callout_stop(&sp->ch[i]); 1092 } 1093 if (!callout_drain(&sp->pap_my_to_ch)) 1094 callout_stop(&sp->pap_my_to_ch); 1095 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1096 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1097 mtx_destroy(&sp->mtx); 1098} 1099 1100/* 1101 * Flush the interface output queue. 1102 */ 1103static void 1104sppp_flush_unlocked(struct ifnet *ifp) 1105{ 1106 struct sppp *sp = IFP2SP(ifp); 1107 1108 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1109 sppp_qflush (&sp->pp_fastq); 1110 sppp_qflush (&sp->pp_cpq); 1111} 1112 1113void 1114sppp_flush(struct ifnet *ifp) 1115{ 1116 struct sppp *sp = IFP2SP(ifp); 1117 1118 SPPP_LOCK(sp); 1119 sppp_flush_unlocked (ifp); 1120 SPPP_UNLOCK(sp); 1121} 1122 1123/* 1124 * Check if the output queue is empty. 1125 */ 1126int 1127sppp_isempty(struct ifnet *ifp) 1128{ 1129 struct sppp *sp = IFP2SP(ifp); 1130 int empty; 1131 1132 SPPP_LOCK(sp); 1133 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1134 !SP2IFP(sp)->if_snd.ifq_head; 1135 SPPP_UNLOCK(sp); 1136 return (empty); 1137} 1138 1139/* 1140 * Get next packet to send. 1141 */ 1142struct mbuf * 1143sppp_dequeue(struct ifnet *ifp) 1144{ 1145 struct sppp *sp = IFP2SP(ifp); 1146 struct mbuf *m; 1147 1148 SPPP_LOCK(sp); 1149 /* 1150 * Process only the control protocol queue until we have at 1151 * least one NCP open. 1152 * 1153 * Do always serve all three queues in Cisco mode. 1154 */ 1155 IF_DEQUEUE(&sp->pp_cpq, m); 1156 if (m == NULL && 1157 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1158 sp->pp_mode == PP_FR)) { 1159 IF_DEQUEUE(&sp->pp_fastq, m); 1160 if (m == NULL) 1161 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1162 } 1163 SPPP_UNLOCK(sp); 1164 return m; 1165} 1166 1167/* 1168 * Pick the next packet, do not remove it from the queue. 1169 */ 1170struct mbuf * 1171sppp_pick(struct ifnet *ifp) 1172{ 1173 struct sppp *sp = IFP2SP(ifp); 1174 struct mbuf *m; 1175 1176 SPPP_LOCK(sp); 1177 1178 m = sp->pp_cpq.ifq_head; 1179 if (m == NULL && 1180 (sp->pp_phase == PHASE_NETWORK || 1181 sp->pp_mode == IFF_CISCO || 1182 sp->pp_mode == PP_FR)) 1183 if ((m = sp->pp_fastq.ifq_head) == NULL) 1184 m = SP2IFP(sp)->if_snd.ifq_head; 1185 SPPP_UNLOCK(sp); 1186 return (m); 1187} 1188 1189/* 1190 * Process an ioctl request. Called on low priority level. 1191 */ 1192int 1193sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1194{ 1195 struct ifreq *ifr = (struct ifreq*) data; 1196 struct sppp *sp = IFP2SP(ifp); 1197 int rv, going_up, going_down, newmode; 1198 1199 SPPP_LOCK(sp); 1200 rv = 0; 1201 switch (cmd) { 1202 case SIOCAIFADDR: 1203 break; 1204 1205 case SIOCSIFADDR: 1206 /* set the interface "up" when assigning an IP address */ 1207 ifp->if_flags |= IFF_UP; 1208 /* FALLTHROUGH */ 1209 1210 case SIOCSIFFLAGS: 1211 going_up = ifp->if_flags & IFF_UP && 1212 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1213 going_down = (ifp->if_flags & IFF_UP) == 0 && 1214 ifp->if_drv_flags & IFF_DRV_RUNNING; 1215 1216 newmode = ifp->if_flags & IFF_PASSIVE; 1217 if (!newmode) 1218 newmode = ifp->if_flags & IFF_AUTO; 1219 if (!newmode) 1220 newmode = ifp->if_flags & IFF_CISCO; 1221 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1222 ifp->if_flags |= newmode; 1223 1224 if (!newmode) 1225 newmode = sp->pp_flags & PP_FR; 1226 1227 if (newmode != sp->pp_mode) { 1228 going_down = 1; 1229 if (!going_up) 1230 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1231 } 1232 1233 if (going_down) { 1234 if (sp->pp_mode != IFF_CISCO && 1235 sp->pp_mode != PP_FR) 1236 lcp.Close(sp); 1237 else if (sp->pp_tlf) 1238 (sp->pp_tlf)(sp); 1239 sppp_flush_unlocked(ifp); 1240 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1241 sp->pp_mode = newmode; 1242 } 1243 1244 if (going_up) { 1245 if (sp->pp_mode != IFF_CISCO && 1246 sp->pp_mode != PP_FR) 1247 lcp.Close(sp); 1248 sp->pp_mode = newmode; 1249 if (sp->pp_mode == 0) { 1250 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1251 lcp.Open(sp); 1252 } 1253 if ((sp->pp_mode == IFF_CISCO) || 1254 (sp->pp_mode == PP_FR)) { 1255 if (sp->pp_tls) 1256 (sp->pp_tls)(sp); 1257 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1258 } 1259 } 1260 1261 break; 1262 1263#ifdef SIOCSIFMTU 1264#ifndef ifr_mtu 1265#define ifr_mtu ifr_metric 1266#endif 1267 case SIOCSIFMTU: 1268 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1269 return (EINVAL); 1270 ifp->if_mtu = ifr->ifr_mtu; 1271 break; 1272#endif 1273#ifdef SLIOCSETMTU 1274 case SLIOCSETMTU: 1275 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1276 return (EINVAL); 1277 ifp->if_mtu = *(short*)data; 1278 break; 1279#endif 1280#ifdef SIOCGIFMTU 1281 case SIOCGIFMTU: 1282 ifr->ifr_mtu = ifp->if_mtu; 1283 break; 1284#endif 1285#ifdef SLIOCGETMTU 1286 case SLIOCGETMTU: 1287 *(short*)data = ifp->if_mtu; 1288 break; 1289#endif 1290 case SIOCADDMULTI: 1291 case SIOCDELMULTI: 1292 break; 1293 1294 case SIOCGIFGENERIC: 1295 case SIOCSIFGENERIC: 1296 rv = sppp_params(sp, cmd, data); 1297 break; 1298 1299 default: 1300 rv = ENOTTY; 1301 } 1302 SPPP_UNLOCK(sp); 1303 return rv; 1304} 1305 1306/* 1307 * Cisco framing implementation. 1308 */ 1309 1310/* 1311 * Handle incoming Cisco keepalive protocol packets. 1312 */ 1313static void 1314sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1315{ 1316 STDDCL; 1317 struct cisco_packet *h; 1318 u_long me, mymask; 1319 1320 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1321 if (debug) 1322 log(LOG_DEBUG, 1323 SPP_FMT "cisco invalid packet length: %d bytes\n", 1324 SPP_ARGS(ifp), m->m_pkthdr.len); 1325 return; 1326 } 1327 h = mtod (m, struct cisco_packet*); 1328 if (debug) 1329 log(LOG_DEBUG, 1330 SPP_FMT "cisco input: %d bytes " 1331 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1332 SPP_ARGS(ifp), m->m_pkthdr.len, 1333 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1334 (u_int)h->time0, (u_int)h->time1); 1335 switch (ntohl (h->type)) { 1336 default: 1337 if (debug) 1338 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1339 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1340 break; 1341 case CISCO_ADDR_REPLY: 1342 /* Reply on address request, ignore */ 1343 break; 1344 case CISCO_KEEPALIVE_REQ: 1345 sp->pp_alivecnt = 0; 1346 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1347 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1348 /* Local and remote sequence numbers are equal. 1349 * Probably, the line is in loopback mode. */ 1350 if (sp->pp_loopcnt >= MAXALIVECNT) { 1351 printf (SPP_FMT "loopback\n", 1352 SPP_ARGS(ifp)); 1353 sp->pp_loopcnt = 0; 1354 if (ifp->if_flags & IFF_UP) { 1355 if_down (ifp); 1356 sppp_qflush (&sp->pp_cpq); 1357 } 1358 } 1359 ++sp->pp_loopcnt; 1360 1361 /* Generate new local sequence number */ 1362 sp->pp_seq[IDX_LCP] = random(); 1363 break; 1364 } 1365 sp->pp_loopcnt = 0; 1366 if (! (ifp->if_flags & IFF_UP) && 1367 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1368 if_up(ifp); 1369 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1370 } 1371 break; 1372 case CISCO_ADDR_REQ: 1373 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1374 if (me != 0L) 1375 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1376 break; 1377 } 1378} 1379 1380/* 1381 * Send Cisco keepalive packet. 1382 */ 1383static void 1384sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1385{ 1386 STDDCL; 1387 struct ppp_header *h; 1388 struct cisco_packet *ch; 1389 struct mbuf *m; 1390 struct timeval tv; 1391 1392 getmicrouptime(&tv); 1393 1394 MGETHDR (m, M_NOWAIT, MT_DATA); 1395 if (! m) 1396 return; 1397 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1398 m->m_pkthdr.rcvif = 0; 1399 1400 h = mtod (m, struct ppp_header*); 1401 h->address = CISCO_MULTICAST; 1402 h->control = 0; 1403 h->protocol = htons (CISCO_KEEPALIVE); 1404 1405 ch = (struct cisco_packet*) (h + 1); 1406 ch->type = htonl (type); 1407 ch->par1 = htonl (par1); 1408 ch->par2 = htonl (par2); 1409 ch->rel = -1; 1410 1411 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1412 ch->time1 = htons ((u_short) tv.tv_sec); 1413 1414 if (debug) 1415 log(LOG_DEBUG, 1416 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1417 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1418 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1419 1420 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1421 ifp->if_oerrors++; 1422} 1423 1424/* 1425 * PPP protocol implementation. 1426 */ 1427 1428/* 1429 * Send PPP control protocol packet. 1430 */ 1431static void 1432sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1433 u_char ident, u_short len, void *data) 1434{ 1435 STDDCL; 1436 struct ppp_header *h; 1437 struct lcp_header *lh; 1438 struct mbuf *m; 1439 1440 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1441 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1442 MGETHDR (m, M_NOWAIT, MT_DATA); 1443 if (! m) 1444 return; 1445 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1446 m->m_pkthdr.rcvif = 0; 1447 1448 h = mtod (m, struct ppp_header*); 1449 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1450 h->control = PPP_UI; /* Unnumbered Info */ 1451 h->protocol = htons (proto); /* Link Control Protocol */ 1452 1453 lh = (struct lcp_header*) (h + 1); 1454 lh->type = type; 1455 lh->ident = ident; 1456 lh->len = htons (LCP_HEADER_LEN + len); 1457 if (len) 1458 bcopy (data, lh+1, len); 1459 1460 if (debug) { 1461 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1462 SPP_ARGS(ifp), 1463 sppp_proto_name(proto), 1464 sppp_cp_type_name (lh->type), lh->ident, 1465 ntohs (lh->len)); 1466 sppp_print_bytes ((u_char*) (lh+1), len); 1467 log(-1, ">\n"); 1468 } 1469 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1470 ifp->if_oerrors++; 1471} 1472 1473/* 1474 * Handle incoming PPP control protocol packets. 1475 */ 1476static void 1477sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1478{ 1479 STDDCL; 1480 struct lcp_header *h; 1481 int len = m->m_pkthdr.len; 1482 int rv; 1483 u_char *p; 1484 1485 if (len < 4) { 1486 if (debug) 1487 log(LOG_DEBUG, 1488 SPP_FMT "%s invalid packet length: %d bytes\n", 1489 SPP_ARGS(ifp), cp->name, len); 1490 return; 1491 } 1492 h = mtod (m, struct lcp_header*); 1493 if (debug) { 1494 log(LOG_DEBUG, 1495 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1496 SPP_ARGS(ifp), cp->name, 1497 sppp_state_name(sp->state[cp->protoidx]), 1498 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1499 sppp_print_bytes ((u_char*) (h+1), len-4); 1500 log(-1, ">\n"); 1501 } 1502 if (len > ntohs (h->len)) 1503 len = ntohs (h->len); 1504 p = (u_char *)(h + 1); 1505 switch (h->type) { 1506 case CONF_REQ: 1507 if (len < 4) { 1508 if (debug) 1509 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1510 SPP_ARGS(ifp), cp->name, 1511 len); 1512 ++ifp->if_ierrors; 1513 break; 1514 } 1515 /* handle states where RCR doesn't get a SCA/SCN */ 1516 switch (sp->state[cp->protoidx]) { 1517 case STATE_CLOSING: 1518 case STATE_STOPPING: 1519 return; 1520 case STATE_CLOSED: 1521 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1522 0, 0); 1523 return; 1524 } 1525 rv = (cp->RCR)(sp, h, len); 1526 switch (sp->state[cp->protoidx]) { 1527 case STATE_OPENED: 1528 (cp->tld)(sp); 1529 (cp->scr)(sp); 1530 /* FALLTHROUGH */ 1531 case STATE_ACK_SENT: 1532 case STATE_REQ_SENT: 1533 /* 1534 * sppp_cp_change_state() have the side effect of 1535 * restarting the timeouts. We want to avoid that 1536 * if the state don't change, otherwise we won't 1537 * ever timeout and resend a configuration request 1538 * that got lost. 1539 */ 1540 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1541 STATE_REQ_SENT)) 1542 break; 1543 sppp_cp_change_state(cp, sp, rv? 1544 STATE_ACK_SENT: STATE_REQ_SENT); 1545 break; 1546 case STATE_STOPPED: 1547 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1548 (cp->scr)(sp); 1549 sppp_cp_change_state(cp, sp, rv? 1550 STATE_ACK_SENT: STATE_REQ_SENT); 1551 break; 1552 case STATE_ACK_RCVD: 1553 if (rv) { 1554 sppp_cp_change_state(cp, sp, STATE_OPENED); 1555 if (debug) 1556 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1557 SPP_ARGS(ifp), 1558 cp->name); 1559 (cp->tlu)(sp); 1560 } else 1561 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1562 break; 1563 default: 1564 printf(SPP_FMT "%s illegal %s in state %s\n", 1565 SPP_ARGS(ifp), cp->name, 1566 sppp_cp_type_name(h->type), 1567 sppp_state_name(sp->state[cp->protoidx])); 1568 ++ifp->if_ierrors; 1569 } 1570 break; 1571 case CONF_ACK: 1572 if (h->ident != sp->confid[cp->protoidx]) { 1573 if (debug) 1574 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1575 SPP_ARGS(ifp), cp->name, 1576 h->ident, sp->confid[cp->protoidx]); 1577 ++ifp->if_ierrors; 1578 break; 1579 } 1580 switch (sp->state[cp->protoidx]) { 1581 case STATE_CLOSED: 1582 case STATE_STOPPED: 1583 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1584 break; 1585 case STATE_CLOSING: 1586 case STATE_STOPPING: 1587 break; 1588 case STATE_REQ_SENT: 1589 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1590 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1591 break; 1592 case STATE_OPENED: 1593 (cp->tld)(sp); 1594 /* FALLTHROUGH */ 1595 case STATE_ACK_RCVD: 1596 (cp->scr)(sp); 1597 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1598 break; 1599 case STATE_ACK_SENT: 1600 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1601 sppp_cp_change_state(cp, sp, STATE_OPENED); 1602 if (debug) 1603 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1604 SPP_ARGS(ifp), cp->name); 1605 (cp->tlu)(sp); 1606 break; 1607 default: 1608 printf(SPP_FMT "%s illegal %s in state %s\n", 1609 SPP_ARGS(ifp), cp->name, 1610 sppp_cp_type_name(h->type), 1611 sppp_state_name(sp->state[cp->protoidx])); 1612 ++ifp->if_ierrors; 1613 } 1614 break; 1615 case CONF_NAK: 1616 case CONF_REJ: 1617 if (h->ident != sp->confid[cp->protoidx]) { 1618 if (debug) 1619 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1620 SPP_ARGS(ifp), cp->name, 1621 h->ident, sp->confid[cp->protoidx]); 1622 ++ifp->if_ierrors; 1623 break; 1624 } 1625 if (h->type == CONF_NAK) 1626 (cp->RCN_nak)(sp, h, len); 1627 else /* CONF_REJ */ 1628 (cp->RCN_rej)(sp, h, len); 1629 1630 switch (sp->state[cp->protoidx]) { 1631 case STATE_CLOSED: 1632 case STATE_STOPPED: 1633 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1634 break; 1635 case STATE_REQ_SENT: 1636 case STATE_ACK_SENT: 1637 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1638 /* 1639 * Slow things down a bit if we think we might be 1640 * in loopback. Depend on the timeout to send the 1641 * next configuration request. 1642 */ 1643 if (sp->pp_loopcnt) 1644 break; 1645 (cp->scr)(sp); 1646 break; 1647 case STATE_OPENED: 1648 (cp->tld)(sp); 1649 /* FALLTHROUGH */ 1650 case STATE_ACK_RCVD: 1651 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1652 (cp->scr)(sp); 1653 break; 1654 case STATE_CLOSING: 1655 case STATE_STOPPING: 1656 break; 1657 default: 1658 printf(SPP_FMT "%s illegal %s in state %s\n", 1659 SPP_ARGS(ifp), cp->name, 1660 sppp_cp_type_name(h->type), 1661 sppp_state_name(sp->state[cp->protoidx])); 1662 ++ifp->if_ierrors; 1663 } 1664 break; 1665 1666 case TERM_REQ: 1667 switch (sp->state[cp->protoidx]) { 1668 case STATE_ACK_RCVD: 1669 case STATE_ACK_SENT: 1670 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1671 /* FALLTHROUGH */ 1672 case STATE_CLOSED: 1673 case STATE_STOPPED: 1674 case STATE_CLOSING: 1675 case STATE_STOPPING: 1676 case STATE_REQ_SENT: 1677 sta: 1678 /* Send Terminate-Ack packet. */ 1679 if (debug) 1680 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1681 SPP_ARGS(ifp), cp->name); 1682 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1683 break; 1684 case STATE_OPENED: 1685 (cp->tld)(sp); 1686 sp->rst_counter[cp->protoidx] = 0; 1687 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1688 goto sta; 1689 break; 1690 default: 1691 printf(SPP_FMT "%s illegal %s in state %s\n", 1692 SPP_ARGS(ifp), cp->name, 1693 sppp_cp_type_name(h->type), 1694 sppp_state_name(sp->state[cp->protoidx])); 1695 ++ifp->if_ierrors; 1696 } 1697 break; 1698 case TERM_ACK: 1699 switch (sp->state[cp->protoidx]) { 1700 case STATE_CLOSED: 1701 case STATE_STOPPED: 1702 case STATE_REQ_SENT: 1703 case STATE_ACK_SENT: 1704 break; 1705 case STATE_CLOSING: 1706 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1707 (cp->tlf)(sp); 1708 break; 1709 case STATE_STOPPING: 1710 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1711 (cp->tlf)(sp); 1712 break; 1713 case STATE_ACK_RCVD: 1714 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1715 break; 1716 case STATE_OPENED: 1717 (cp->tld)(sp); 1718 (cp->scr)(sp); 1719 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1720 break; 1721 default: 1722 printf(SPP_FMT "%s illegal %s in state %s\n", 1723 SPP_ARGS(ifp), cp->name, 1724 sppp_cp_type_name(h->type), 1725 sppp_state_name(sp->state[cp->protoidx])); 1726 ++ifp->if_ierrors; 1727 } 1728 break; 1729 case CODE_REJ: 1730 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1731 log(LOG_INFO, 1732 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1733 "danger will robinson\n", 1734 SPP_ARGS(ifp), cp->name, 1735 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1736 switch (sp->state[cp->protoidx]) { 1737 case STATE_CLOSED: 1738 case STATE_STOPPED: 1739 case STATE_REQ_SENT: 1740 case STATE_ACK_SENT: 1741 case STATE_CLOSING: 1742 case STATE_STOPPING: 1743 case STATE_OPENED: 1744 break; 1745 case STATE_ACK_RCVD: 1746 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1747 break; 1748 default: 1749 printf(SPP_FMT "%s illegal %s in state %s\n", 1750 SPP_ARGS(ifp), cp->name, 1751 sppp_cp_type_name(h->type), 1752 sppp_state_name(sp->state[cp->protoidx])); 1753 ++ifp->if_ierrors; 1754 } 1755 break; 1756 case PROTO_REJ: 1757 { 1758 int catastrophic; 1759 const struct cp *upper; 1760 int i; 1761 u_int16_t proto; 1762 1763 catastrophic = 0; 1764 upper = NULL; 1765 proto = ntohs(*((u_int16_t *)p)); 1766 for (i = 0; i < IDX_COUNT; i++) { 1767 if (cps[i]->proto == proto) { 1768 upper = cps[i]; 1769 break; 1770 } 1771 } 1772 if (upper == NULL) 1773 catastrophic++; 1774 1775 if (catastrophic || debug) 1776 log(catastrophic? LOG_INFO: LOG_DEBUG, 1777 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1778 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1779 sppp_cp_type_name(h->type), proto, 1780 upper ? upper->name : "unknown", 1781 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1782 1783 /* 1784 * if we got RXJ+ against conf-req, the peer does not implement 1785 * this particular protocol type. terminate the protocol. 1786 */ 1787 if (upper && !catastrophic) { 1788 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1789 upper->Close(sp); 1790 break; 1791 } 1792 } 1793 1794 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1795 switch (sp->state[cp->protoidx]) { 1796 case STATE_CLOSED: 1797 case STATE_STOPPED: 1798 case STATE_REQ_SENT: 1799 case STATE_ACK_SENT: 1800 case STATE_CLOSING: 1801 case STATE_STOPPING: 1802 case STATE_OPENED: 1803 break; 1804 case STATE_ACK_RCVD: 1805 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1806 break; 1807 default: 1808 printf(SPP_FMT "%s illegal %s in state %s\n", 1809 SPP_ARGS(ifp), cp->name, 1810 sppp_cp_type_name(h->type), 1811 sppp_state_name(sp->state[cp->protoidx])); 1812 ++ifp->if_ierrors; 1813 } 1814 break; 1815 } 1816 case DISC_REQ: 1817 if (cp->proto != PPP_LCP) 1818 goto illegal; 1819 /* Discard the packet. */ 1820 break; 1821 case ECHO_REQ: 1822 if (cp->proto != PPP_LCP) 1823 goto illegal; 1824 if (sp->state[cp->protoidx] != STATE_OPENED) { 1825 if (debug) 1826 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1827 SPP_ARGS(ifp)); 1828 ++ifp->if_ierrors; 1829 break; 1830 } 1831 if (len < 8) { 1832 if (debug) 1833 log(-1, SPP_FMT "invalid lcp echo request " 1834 "packet length: %d bytes\n", 1835 SPP_ARGS(ifp), len); 1836 break; 1837 } 1838 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1839 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1840 /* Line loopback mode detected. */ 1841 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1842 sp->pp_loopcnt = MAXALIVECNT * 5; 1843 if_down (ifp); 1844 sppp_qflush (&sp->pp_cpq); 1845 1846 /* Shut down the PPP link. */ 1847 /* XXX */ 1848 lcp.Down(sp); 1849 lcp.Up(sp); 1850 break; 1851 } 1852 *(long*)(h+1) = htonl (sp->lcp.magic); 1853 if (debug) 1854 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1855 SPP_ARGS(ifp)); 1856 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1857 break; 1858 case ECHO_REPLY: 1859 if (cp->proto != PPP_LCP) 1860 goto illegal; 1861 if (h->ident != sp->lcp.echoid) { 1862 ++ifp->if_ierrors; 1863 break; 1864 } 1865 if (len < 8) { 1866 if (debug) 1867 log(-1, SPP_FMT "lcp invalid echo reply " 1868 "packet length: %d bytes\n", 1869 SPP_ARGS(ifp), len); 1870 break; 1871 } 1872 if (debug) 1873 log(-1, SPP_FMT "lcp got echo rep\n", 1874 SPP_ARGS(ifp)); 1875 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1876 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1877 sp->pp_alivecnt = 0; 1878 break; 1879 default: 1880 /* Unknown packet type -- send Code-Reject packet. */ 1881 illegal: 1882 if (debug) 1883 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1884 SPP_ARGS(ifp), cp->name, h->type); 1885 sppp_cp_send(sp, cp->proto, CODE_REJ, 1886 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1887 ++ifp->if_ierrors; 1888 } 1889} 1890 1891 1892/* 1893 * The generic part of all Up/Down/Open/Close/TO event handlers. 1894 * Basically, the state transition handling in the automaton. 1895 */ 1896static void 1897sppp_up_event(const struct cp *cp, struct sppp *sp) 1898{ 1899 STDDCL; 1900 1901 if (debug) 1902 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1903 SPP_ARGS(ifp), cp->name, 1904 sppp_state_name(sp->state[cp->protoidx])); 1905 1906 switch (sp->state[cp->protoidx]) { 1907 case STATE_INITIAL: 1908 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1909 break; 1910 case STATE_STARTING: 1911 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1912 (cp->scr)(sp); 1913 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1914 break; 1915 default: 1916 printf(SPP_FMT "%s illegal up in state %s\n", 1917 SPP_ARGS(ifp), cp->name, 1918 sppp_state_name(sp->state[cp->protoidx])); 1919 } 1920} 1921 1922static void 1923sppp_down_event(const struct cp *cp, struct sppp *sp) 1924{ 1925 STDDCL; 1926 1927 if (debug) 1928 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1929 SPP_ARGS(ifp), cp->name, 1930 sppp_state_name(sp->state[cp->protoidx])); 1931 1932 switch (sp->state[cp->protoidx]) { 1933 case STATE_CLOSED: 1934 case STATE_CLOSING: 1935 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1936 break; 1937 case STATE_STOPPED: 1938 sppp_cp_change_state(cp, sp, STATE_STARTING); 1939 (cp->tls)(sp); 1940 break; 1941 case STATE_STOPPING: 1942 case STATE_REQ_SENT: 1943 case STATE_ACK_RCVD: 1944 case STATE_ACK_SENT: 1945 sppp_cp_change_state(cp, sp, STATE_STARTING); 1946 break; 1947 case STATE_OPENED: 1948 (cp->tld)(sp); 1949 sppp_cp_change_state(cp, sp, STATE_STARTING); 1950 break; 1951 default: 1952 printf(SPP_FMT "%s illegal down in state %s\n", 1953 SPP_ARGS(ifp), cp->name, 1954 sppp_state_name(sp->state[cp->protoidx])); 1955 } 1956} 1957 1958 1959static void 1960sppp_open_event(const struct cp *cp, struct sppp *sp) 1961{ 1962 STDDCL; 1963 1964 if (debug) 1965 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1966 SPP_ARGS(ifp), cp->name, 1967 sppp_state_name(sp->state[cp->protoidx])); 1968 1969 switch (sp->state[cp->protoidx]) { 1970 case STATE_INITIAL: 1971 sppp_cp_change_state(cp, sp, STATE_STARTING); 1972 (cp->tls)(sp); 1973 break; 1974 case STATE_STARTING: 1975 break; 1976 case STATE_CLOSED: 1977 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1978 (cp->scr)(sp); 1979 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1980 break; 1981 case STATE_STOPPED: 1982 /* 1983 * Try escaping stopped state. This seems to bite 1984 * people occasionally, in particular for IPCP, 1985 * presumably following previous IPCP negotiation 1986 * aborts. Somehow, we must have missed a Down event 1987 * which would have caused a transition into starting 1988 * state, so as a bandaid we force the Down event now. 1989 * This effectively implements (something like the) 1990 * `restart' option mentioned in the state transition 1991 * table of RFC 1661. 1992 */ 1993 sppp_cp_change_state(cp, sp, STATE_STARTING); 1994 (cp->tls)(sp); 1995 break; 1996 case STATE_STOPPING: 1997 case STATE_REQ_SENT: 1998 case STATE_ACK_RCVD: 1999 case STATE_ACK_SENT: 2000 case STATE_OPENED: 2001 break; 2002 case STATE_CLOSING: 2003 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2004 break; 2005 } 2006} 2007 2008 2009static void 2010sppp_close_event(const struct cp *cp, struct sppp *sp) 2011{ 2012 STDDCL; 2013 2014 if (debug) 2015 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2016 SPP_ARGS(ifp), cp->name, 2017 sppp_state_name(sp->state[cp->protoidx])); 2018 2019 switch (sp->state[cp->protoidx]) { 2020 case STATE_INITIAL: 2021 case STATE_CLOSED: 2022 case STATE_CLOSING: 2023 break; 2024 case STATE_STARTING: 2025 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2026 (cp->tlf)(sp); 2027 break; 2028 case STATE_STOPPED: 2029 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2030 break; 2031 case STATE_STOPPING: 2032 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2033 break; 2034 case STATE_OPENED: 2035 (cp->tld)(sp); 2036 /* FALLTHROUGH */ 2037 case STATE_REQ_SENT: 2038 case STATE_ACK_RCVD: 2039 case STATE_ACK_SENT: 2040 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2041 sppp_cp_send(sp, cp->proto, TERM_REQ, 2042 ++sp->pp_seq[cp->protoidx], 0, 0); 2043 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2044 break; 2045 } 2046} 2047 2048static void 2049sppp_to_event(const struct cp *cp, struct sppp *sp) 2050{ 2051 STDDCL; 2052 2053 SPPP_LOCK(sp); 2054 if (debug) 2055 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2056 SPP_ARGS(ifp), cp->name, 2057 sppp_state_name(sp->state[cp->protoidx]), 2058 sp->rst_counter[cp->protoidx]); 2059 2060 if (--sp->rst_counter[cp->protoidx] < 0) 2061 /* TO- event */ 2062 switch (sp->state[cp->protoidx]) { 2063 case STATE_CLOSING: 2064 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2065 (cp->tlf)(sp); 2066 break; 2067 case STATE_STOPPING: 2068 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2069 (cp->tlf)(sp); 2070 break; 2071 case STATE_REQ_SENT: 2072 case STATE_ACK_RCVD: 2073 case STATE_ACK_SENT: 2074 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2075 (cp->tlf)(sp); 2076 break; 2077 } 2078 else 2079 /* TO+ event */ 2080 switch (sp->state[cp->protoidx]) { 2081 case STATE_CLOSING: 2082 case STATE_STOPPING: 2083 sppp_cp_send(sp, cp->proto, TERM_REQ, 2084 ++sp->pp_seq[cp->protoidx], 0, 0); 2085 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2086 cp->TO, (void *)sp); 2087 break; 2088 case STATE_REQ_SENT: 2089 case STATE_ACK_RCVD: 2090 (cp->scr)(sp); 2091 /* sppp_cp_change_state() will restart the timer */ 2092 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2093 break; 2094 case STATE_ACK_SENT: 2095 (cp->scr)(sp); 2096 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2097 cp->TO, (void *)sp); 2098 break; 2099 } 2100 2101 SPPP_UNLOCK(sp); 2102} 2103 2104/* 2105 * Change the state of a control protocol in the state automaton. 2106 * Takes care of starting/stopping the restart timer. 2107 */ 2108static void 2109sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2110{ 2111 sp->state[cp->protoidx] = newstate; 2112 2113 callout_stop (&sp->ch[cp->protoidx]); 2114 2115 switch (newstate) { 2116 case STATE_INITIAL: 2117 case STATE_STARTING: 2118 case STATE_CLOSED: 2119 case STATE_STOPPED: 2120 case STATE_OPENED: 2121 break; 2122 case STATE_CLOSING: 2123 case STATE_STOPPING: 2124 case STATE_REQ_SENT: 2125 case STATE_ACK_RCVD: 2126 case STATE_ACK_SENT: 2127 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2128 cp->TO, (void *)sp); 2129 break; 2130 } 2131} 2132 2133/* 2134 *--------------------------------------------------------------------------* 2135 * * 2136 * The LCP implementation. * 2137 * * 2138 *--------------------------------------------------------------------------* 2139 */ 2140static void 2141sppp_pp_up(struct sppp *sp) 2142{ 2143 SPPP_LOCK(sp); 2144 lcp.Up(sp); 2145 SPPP_UNLOCK(sp); 2146} 2147 2148static void 2149sppp_pp_down(struct sppp *sp) 2150{ 2151 SPPP_LOCK(sp); 2152 lcp.Down(sp); 2153 SPPP_UNLOCK(sp); 2154} 2155 2156static void 2157sppp_lcp_init(struct sppp *sp) 2158{ 2159 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2160 sp->lcp.magic = 0; 2161 sp->state[IDX_LCP] = STATE_INITIAL; 2162 sp->fail_counter[IDX_LCP] = 0; 2163 sp->pp_seq[IDX_LCP] = 0; 2164 sp->pp_rseq[IDX_LCP] = 0; 2165 sp->lcp.protos = 0; 2166 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2167 2168 /* Note that these values are relevant for all control protocols */ 2169 sp->lcp.timeout = 3 * hz; 2170 sp->lcp.max_terminate = 2; 2171 sp->lcp.max_configure = 10; 2172 sp->lcp.max_failure = 10; 2173 callout_init(&sp->ch[IDX_LCP], CALLOUT_MPSAFE); 2174} 2175 2176static void 2177sppp_lcp_up(struct sppp *sp) 2178{ 2179 STDDCL; 2180 2181 sp->pp_alivecnt = 0; 2182 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2183 sp->lcp.magic = 0; 2184 sp->lcp.protos = 0; 2185 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2186 /* 2187 * If we are authenticator, negotiate LCP_AUTH 2188 */ 2189 if (sp->hisauth.proto != 0) 2190 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2191 else 2192 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2193 sp->pp_flags &= ~PP_NEEDAUTH; 2194 /* 2195 * If this interface is passive or dial-on-demand, and we are 2196 * still in Initial state, it means we've got an incoming 2197 * call. Activate the interface. 2198 */ 2199 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2200 if (debug) 2201 log(LOG_DEBUG, 2202 SPP_FMT "Up event", SPP_ARGS(ifp)); 2203 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2204 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2205 if (debug) 2206 log(-1, "(incoming call)\n"); 2207 sp->pp_flags |= PP_CALLIN; 2208 lcp.Open(sp); 2209 } else if (debug) 2210 log(-1, "\n"); 2211 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2212 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2213 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2214 lcp.Open(sp); 2215 } 2216 2217 sppp_up_event(&lcp, sp); 2218} 2219 2220static void 2221sppp_lcp_down(struct sppp *sp) 2222{ 2223 STDDCL; 2224 2225 sppp_down_event(&lcp, sp); 2226 2227 /* 2228 * If this is neither a dial-on-demand nor a passive 2229 * interface, simulate an ``ifconfig down'' action, so the 2230 * administrator can force a redial by another ``ifconfig 2231 * up''. XXX For leased line operation, should we immediately 2232 * try to reopen the connection here? 2233 */ 2234 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2235 log(LOG_INFO, 2236 SPP_FMT "Down event, taking interface down.\n", 2237 SPP_ARGS(ifp)); 2238 if_down(ifp); 2239 } else { 2240 if (debug) 2241 log(LOG_DEBUG, 2242 SPP_FMT "Down event (carrier loss)\n", 2243 SPP_ARGS(ifp)); 2244 sp->pp_flags &= ~PP_CALLIN; 2245 if (sp->state[IDX_LCP] != STATE_INITIAL) 2246 lcp.Close(sp); 2247 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2248 } 2249} 2250 2251static void 2252sppp_lcp_open(struct sppp *sp) 2253{ 2254 sppp_open_event(&lcp, sp); 2255} 2256 2257static void 2258sppp_lcp_close(struct sppp *sp) 2259{ 2260 sppp_close_event(&lcp, sp); 2261} 2262 2263static void 2264sppp_lcp_TO(void *cookie) 2265{ 2266 sppp_to_event(&lcp, (struct sppp *)cookie); 2267} 2268 2269/* 2270 * Analyze a configure request. Return true if it was agreeable, and 2271 * caused action sca, false if it has been rejected or nak'ed, and 2272 * caused action scn. (The return value is used to make the state 2273 * transition decision in the state automaton.) 2274 */ 2275static int 2276sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2277{ 2278 STDDCL; 2279 u_char *buf, *r, *p; 2280 int origlen, rlen; 2281 u_long nmagic; 2282 u_short authproto; 2283 2284 len -= 4; 2285 origlen = len; 2286 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2287 if (! buf) 2288 return (0); 2289 2290 if (debug) 2291 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2292 SPP_ARGS(ifp)); 2293 2294 /* pass 1: check for things that need to be rejected */ 2295 p = (void*) (h+1); 2296 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2297 len-=p[1], p+=p[1]) { 2298 if (debug) 2299 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2300 switch (*p) { 2301 case LCP_OPT_MAGIC: 2302 /* Magic number. */ 2303 if (len >= 6 && p[1] == 6) 2304 continue; 2305 if (debug) 2306 log(-1, "[invalid] "); 2307 break; 2308 case LCP_OPT_ASYNC_MAP: 2309 /* Async control character map. */ 2310 if (len >= 6 && p[1] == 6) 2311 continue; 2312 if (debug) 2313 log(-1, "[invalid] "); 2314 break; 2315 case LCP_OPT_MRU: 2316 /* Maximum receive unit. */ 2317 if (len >= 4 && p[1] == 4) 2318 continue; 2319 if (debug) 2320 log(-1, "[invalid] "); 2321 break; 2322 case LCP_OPT_AUTH_PROTO: 2323 if (len < 4) { 2324 if (debug) 2325 log(-1, "[invalid] "); 2326 break; 2327 } 2328 authproto = (p[2] << 8) + p[3]; 2329 if (authproto == PPP_CHAP && p[1] != 5) { 2330 if (debug) 2331 log(-1, "[invalid chap len] "); 2332 break; 2333 } 2334 if (sp->myauth.proto == 0) { 2335 /* we are not configured to do auth */ 2336 if (debug) 2337 log(-1, "[not configured] "); 2338 break; 2339 } 2340 /* 2341 * Remote want us to authenticate, remember this, 2342 * so we stay in PHASE_AUTHENTICATE after LCP got 2343 * up. 2344 */ 2345 sp->pp_flags |= PP_NEEDAUTH; 2346 continue; 2347 default: 2348 /* Others not supported. */ 2349 if (debug) 2350 log(-1, "[rej] "); 2351 break; 2352 } 2353 /* Add the option to rejected list. */ 2354 bcopy (p, r, p[1]); 2355 r += p[1]; 2356 rlen += p[1]; 2357 } 2358 if (rlen) { 2359 if (debug) 2360 log(-1, " send conf-rej\n"); 2361 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2362 return 0; 2363 } else if (debug) 2364 log(-1, "\n"); 2365 2366 /* 2367 * pass 2: check for option values that are unacceptable and 2368 * thus require to be nak'ed. 2369 */ 2370 if (debug) 2371 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2372 SPP_ARGS(ifp)); 2373 2374 p = (void*) (h+1); 2375 len = origlen; 2376 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2377 len-=p[1], p+=p[1]) { 2378 if (debug) 2379 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2380 switch (*p) { 2381 case LCP_OPT_MAGIC: 2382 /* Magic number -- extract. */ 2383 nmagic = (u_long)p[2] << 24 | 2384 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2385 if (nmagic != sp->lcp.magic) { 2386 sp->pp_loopcnt = 0; 2387 if (debug) 2388 log(-1, "0x%lx ", nmagic); 2389 continue; 2390 } 2391 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2392 log(-1, "[glitch] "); 2393 ++sp->pp_loopcnt; 2394 /* 2395 * We negate our magic here, and NAK it. If 2396 * we see it later in an NAK packet, we 2397 * suggest a new one. 2398 */ 2399 nmagic = ~sp->lcp.magic; 2400 /* Gonna NAK it. */ 2401 p[2] = nmagic >> 24; 2402 p[3] = nmagic >> 16; 2403 p[4] = nmagic >> 8; 2404 p[5] = nmagic; 2405 break; 2406 2407 case LCP_OPT_ASYNC_MAP: 2408 /* 2409 * Async control character map -- just ignore it. 2410 * 2411 * Quote from RFC 1662, chapter 6: 2412 * To enable this functionality, synchronous PPP 2413 * implementations MUST always respond to the 2414 * Async-Control-Character-Map Configuration 2415 * Option with the LCP Configure-Ack. However, 2416 * acceptance of the Configuration Option does 2417 * not imply that the synchronous implementation 2418 * will do any ACCM mapping. Instead, all such 2419 * octet mapping will be performed by the 2420 * asynchronous-to-synchronous converter. 2421 */ 2422 continue; 2423 2424 case LCP_OPT_MRU: 2425 /* 2426 * Maximum receive unit. Always agreeable, 2427 * but ignored by now. 2428 */ 2429 sp->lcp.their_mru = p[2] * 256 + p[3]; 2430 if (debug) 2431 log(-1, "%lu ", sp->lcp.their_mru); 2432 continue; 2433 2434 case LCP_OPT_AUTH_PROTO: 2435 authproto = (p[2] << 8) + p[3]; 2436 if (sp->myauth.proto != authproto) { 2437 /* not agreed, nak */ 2438 if (debug) 2439 log(-1, "[mine %s != his %s] ", 2440 sppp_proto_name(sp->hisauth.proto), 2441 sppp_proto_name(authproto)); 2442 p[2] = sp->myauth.proto >> 8; 2443 p[3] = sp->myauth.proto; 2444 break; 2445 } 2446 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2447 if (debug) 2448 log(-1, "[chap not MD5] "); 2449 p[4] = CHAP_MD5; 2450 break; 2451 } 2452 continue; 2453 } 2454 /* Add the option to nak'ed list. */ 2455 bcopy (p, r, p[1]); 2456 r += p[1]; 2457 rlen += p[1]; 2458 } 2459 if (rlen) { 2460 /* 2461 * Local and remote magics equal -- loopback? 2462 */ 2463 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2464 if (sp->pp_loopcnt == MAXALIVECNT*5) 2465 printf (SPP_FMT "loopback\n", 2466 SPP_ARGS(ifp)); 2467 if (ifp->if_flags & IFF_UP) { 2468 if_down(ifp); 2469 sppp_qflush(&sp->pp_cpq); 2470 /* XXX ? */ 2471 lcp.Down(sp); 2472 lcp.Up(sp); 2473 } 2474 } else if (!sp->pp_loopcnt && 2475 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2476 if (debug) 2477 log(-1, " max_failure (%d) exceeded, " 2478 "send conf-rej\n", 2479 sp->lcp.max_failure); 2480 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2481 } else { 2482 if (debug) 2483 log(-1, " send conf-nak\n"); 2484 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2485 } 2486 } else { 2487 if (debug) 2488 log(-1, " send conf-ack\n"); 2489 sp->fail_counter[IDX_LCP] = 0; 2490 sp->pp_loopcnt = 0; 2491 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2492 h->ident, origlen, h+1); 2493 } 2494 2495 free (buf, M_TEMP); 2496 return (rlen == 0); 2497} 2498 2499/* 2500 * Analyze the LCP Configure-Reject option list, and adjust our 2501 * negotiation. 2502 */ 2503static void 2504sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2505{ 2506 STDDCL; 2507 u_char *buf, *p; 2508 2509 len -= 4; 2510 buf = malloc (len, M_TEMP, M_NOWAIT); 2511 if (!buf) 2512 return; 2513 2514 if (debug) 2515 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2516 SPP_ARGS(ifp)); 2517 2518 p = (void*) (h+1); 2519 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2520 len -= p[1], p += p[1]) { 2521 if (debug) 2522 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2523 switch (*p) { 2524 case LCP_OPT_MAGIC: 2525 /* Magic number -- can't use it, use 0 */ 2526 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2527 sp->lcp.magic = 0; 2528 break; 2529 case LCP_OPT_MRU: 2530 /* 2531 * Should not be rejected anyway, since we only 2532 * negotiate a MRU if explicitly requested by 2533 * peer. 2534 */ 2535 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2536 break; 2537 case LCP_OPT_AUTH_PROTO: 2538 /* 2539 * Peer doesn't want to authenticate himself, 2540 * deny unless this is a dialout call, and 2541 * AUTHFLAG_NOCALLOUT is set. 2542 */ 2543 if ((sp->pp_flags & PP_CALLIN) == 0 && 2544 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2545 if (debug) 2546 log(-1, "[don't insist on auth " 2547 "for callout]"); 2548 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2549 break; 2550 } 2551 if (debug) 2552 log(-1, "[access denied]\n"); 2553 lcp.Close(sp); 2554 break; 2555 } 2556 } 2557 if (debug) 2558 log(-1, "\n"); 2559 free (buf, M_TEMP); 2560 return; 2561} 2562 2563/* 2564 * Analyze the LCP Configure-NAK option list, and adjust our 2565 * negotiation. 2566 */ 2567static void 2568sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2569{ 2570 STDDCL; 2571 u_char *buf, *p; 2572 u_long magic; 2573 2574 len -= 4; 2575 buf = malloc (len, M_TEMP, M_NOWAIT); 2576 if (!buf) 2577 return; 2578 2579 if (debug) 2580 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2581 SPP_ARGS(ifp)); 2582 2583 p = (void*) (h+1); 2584 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2585 len -= p[1], p += p[1]) { 2586 if (debug) 2587 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2588 switch (*p) { 2589 case LCP_OPT_MAGIC: 2590 /* Magic number -- renegotiate */ 2591 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2592 len >= 6 && p[1] == 6) { 2593 magic = (u_long)p[2] << 24 | 2594 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2595 /* 2596 * If the remote magic is our negated one, 2597 * this looks like a loopback problem. 2598 * Suggest a new magic to make sure. 2599 */ 2600 if (magic == ~sp->lcp.magic) { 2601 if (debug) 2602 log(-1, "magic glitch "); 2603 sp->lcp.magic = random(); 2604 } else { 2605 sp->lcp.magic = magic; 2606 if (debug) 2607 log(-1, "%lu ", magic); 2608 } 2609 } 2610 break; 2611 case LCP_OPT_MRU: 2612 /* 2613 * Peer wants to advise us to negotiate an MRU. 2614 * Agree on it if it's reasonable, or use 2615 * default otherwise. 2616 */ 2617 if (len >= 4 && p[1] == 4) { 2618 u_int mru = p[2] * 256 + p[3]; 2619 if (debug) 2620 log(-1, "%d ", mru); 2621 if (mru < PP_MTU || mru > PP_MAX_MRU) 2622 mru = PP_MTU; 2623 sp->lcp.mru = mru; 2624 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2625 } 2626 break; 2627 case LCP_OPT_AUTH_PROTO: 2628 /* 2629 * Peer doesn't like our authentication method, 2630 * deny. 2631 */ 2632 if (debug) 2633 log(-1, "[access denied]\n"); 2634 lcp.Close(sp); 2635 break; 2636 } 2637 } 2638 if (debug) 2639 log(-1, "\n"); 2640 free (buf, M_TEMP); 2641 return; 2642} 2643 2644static void 2645sppp_lcp_tlu(struct sppp *sp) 2646{ 2647 STDDCL; 2648 int i; 2649 u_long mask; 2650 2651 /* XXX ? */ 2652 if (! (ifp->if_flags & IFF_UP) && 2653 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2654 /* Coming out of loopback mode. */ 2655 if_up(ifp); 2656 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2657 } 2658 2659 for (i = 0; i < IDX_COUNT; i++) 2660 if ((cps[i])->flags & CP_QUAL) 2661 (cps[i])->Open(sp); 2662 2663 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2664 (sp->pp_flags & PP_NEEDAUTH) != 0) 2665 sp->pp_phase = PHASE_AUTHENTICATE; 2666 else 2667 sp->pp_phase = PHASE_NETWORK; 2668 2669 if (debug) 2670 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2671 sppp_phase_name(sp->pp_phase)); 2672 2673 /* 2674 * Open all authentication protocols. This is even required 2675 * if we already proceeded to network phase, since it might be 2676 * that remote wants us to authenticate, so we might have to 2677 * send a PAP request. Undesired authentication protocols 2678 * don't do anything when they get an Open event. 2679 */ 2680 for (i = 0; i < IDX_COUNT; i++) 2681 if ((cps[i])->flags & CP_AUTH) 2682 (cps[i])->Open(sp); 2683 2684 if (sp->pp_phase == PHASE_NETWORK) { 2685 /* Notify all NCPs. */ 2686 for (i = 0; i < IDX_COUNT; i++) 2687 if (((cps[i])->flags & CP_NCP) && 2688 /* 2689 * XXX 2690 * Hack to administratively disable IPv6 if 2691 * not desired. Perhaps we should have another 2692 * flag for this, but right now, we can make 2693 * all struct cp's read/only. 2694 */ 2695 (cps[i] != &ipv6cp || 2696 (sp->confflags & CONF_ENABLE_IPV6))) 2697 (cps[i])->Open(sp); 2698 } 2699 2700 /* Send Up events to all started protos. */ 2701 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2702 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2703 (cps[i])->Up(sp); 2704 2705 /* notify low-level driver of state change */ 2706 if (sp->pp_chg) 2707 sp->pp_chg(sp, (int)sp->pp_phase); 2708 2709 if (sp->pp_phase == PHASE_NETWORK) 2710 /* if no NCP is starting, close down */ 2711 sppp_lcp_check_and_close(sp); 2712} 2713 2714static void 2715sppp_lcp_tld(struct sppp *sp) 2716{ 2717 STDDCL; 2718 int i; 2719 u_long mask; 2720 2721 sp->pp_phase = PHASE_TERMINATE; 2722 2723 if (debug) 2724 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2725 sppp_phase_name(sp->pp_phase)); 2726 2727 /* 2728 * Take upper layers down. We send the Down event first and 2729 * the Close second to prevent the upper layers from sending 2730 * ``a flurry of terminate-request packets'', as the RFC 2731 * describes it. 2732 */ 2733 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2734 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2735 (cps[i])->Down(sp); 2736 (cps[i])->Close(sp); 2737 } 2738} 2739 2740static void 2741sppp_lcp_tls(struct sppp *sp) 2742{ 2743 STDDCL; 2744 2745 sp->pp_phase = PHASE_ESTABLISH; 2746 2747 if (debug) 2748 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2749 sppp_phase_name(sp->pp_phase)); 2750 2751 /* Notify lower layer if desired. */ 2752 if (sp->pp_tls) 2753 (sp->pp_tls)(sp); 2754 else 2755 (sp->pp_up)(sp); 2756} 2757 2758static void 2759sppp_lcp_tlf(struct sppp *sp) 2760{ 2761 STDDCL; 2762 2763 sp->pp_phase = PHASE_DEAD; 2764 if (debug) 2765 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2766 sppp_phase_name(sp->pp_phase)); 2767 2768 /* Notify lower layer if desired. */ 2769 if (sp->pp_tlf) 2770 (sp->pp_tlf)(sp); 2771 else 2772 (sp->pp_down)(sp); 2773} 2774 2775static void 2776sppp_lcp_scr(struct sppp *sp) 2777{ 2778 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2779 int i = 0; 2780 u_short authproto; 2781 2782 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2783 if (! sp->lcp.magic) 2784 sp->lcp.magic = random(); 2785 opt[i++] = LCP_OPT_MAGIC; 2786 opt[i++] = 6; 2787 opt[i++] = sp->lcp.magic >> 24; 2788 opt[i++] = sp->lcp.magic >> 16; 2789 opt[i++] = sp->lcp.magic >> 8; 2790 opt[i++] = sp->lcp.magic; 2791 } 2792 2793 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2794 opt[i++] = LCP_OPT_MRU; 2795 opt[i++] = 4; 2796 opt[i++] = sp->lcp.mru >> 8; 2797 opt[i++] = sp->lcp.mru; 2798 } 2799 2800 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2801 authproto = sp->hisauth.proto; 2802 opt[i++] = LCP_OPT_AUTH_PROTO; 2803 opt[i++] = authproto == PPP_CHAP? 5: 4; 2804 opt[i++] = authproto >> 8; 2805 opt[i++] = authproto; 2806 if (authproto == PPP_CHAP) 2807 opt[i++] = CHAP_MD5; 2808 } 2809 2810 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2811 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2812} 2813 2814/* 2815 * Check the open NCPs, return true if at least one NCP is open. 2816 */ 2817static int 2818sppp_ncp_check(struct sppp *sp) 2819{ 2820 int i, mask; 2821 2822 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2823 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2824 return 1; 2825 return 0; 2826} 2827 2828/* 2829 * Re-check the open NCPs and see if we should terminate the link. 2830 * Called by the NCPs during their tlf action handling. 2831 */ 2832static void 2833sppp_lcp_check_and_close(struct sppp *sp) 2834{ 2835 2836 if (sp->pp_phase < PHASE_NETWORK) 2837 /* don't bother, we are already going down */ 2838 return; 2839 2840 if (sppp_ncp_check(sp)) 2841 return; 2842 2843 lcp.Close(sp); 2844} 2845 2846/* 2847 *--------------------------------------------------------------------------* 2848 * * 2849 * The IPCP implementation. * 2850 * * 2851 *--------------------------------------------------------------------------* 2852 */ 2853 2854#ifdef INET 2855static void 2856sppp_ipcp_init(struct sppp *sp) 2857{ 2858 sp->ipcp.opts = 0; 2859 sp->ipcp.flags = 0; 2860 sp->state[IDX_IPCP] = STATE_INITIAL; 2861 sp->fail_counter[IDX_IPCP] = 0; 2862 sp->pp_seq[IDX_IPCP] = 0; 2863 sp->pp_rseq[IDX_IPCP] = 0; 2864 callout_init(&sp->ch[IDX_IPCP], CALLOUT_MPSAFE); 2865} 2866 2867static void 2868sppp_ipcp_up(struct sppp *sp) 2869{ 2870 sppp_up_event(&ipcp, sp); 2871} 2872 2873static void 2874sppp_ipcp_down(struct sppp *sp) 2875{ 2876 sppp_down_event(&ipcp, sp); 2877} 2878 2879static void 2880sppp_ipcp_open(struct sppp *sp) 2881{ 2882 STDDCL; 2883 u_long myaddr, hisaddr; 2884 2885 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2886 IPCP_MYADDR_DYN | IPCP_VJ); 2887 sp->ipcp.opts = 0; 2888 2889 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2890 /* 2891 * If we don't have his address, this probably means our 2892 * interface doesn't want to talk IP at all. (This could 2893 * be the case if somebody wants to speak only IPX, for 2894 * example.) Don't open IPCP in this case. 2895 */ 2896 if (hisaddr == 0L) { 2897 /* XXX this message should go away */ 2898 if (debug) 2899 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2900 SPP_ARGS(ifp)); 2901 return; 2902 } 2903 if (myaddr == 0L) { 2904 /* 2905 * I don't have an assigned address, so i need to 2906 * negotiate my address. 2907 */ 2908 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2909 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2910 } else 2911 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2912 if (sp->confflags & CONF_ENABLE_VJ) { 2913 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2914 sp->ipcp.max_state = MAX_STATES - 1; 2915 sp->ipcp.compress_cid = 1; 2916 } 2917 sppp_open_event(&ipcp, sp); 2918} 2919 2920static void 2921sppp_ipcp_close(struct sppp *sp) 2922{ 2923 sppp_close_event(&ipcp, sp); 2924 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2925 /* 2926 * My address was dynamic, clear it again. 2927 */ 2928 sppp_set_ip_addr(sp, 0L); 2929} 2930 2931static void 2932sppp_ipcp_TO(void *cookie) 2933{ 2934 sppp_to_event(&ipcp, (struct sppp *)cookie); 2935} 2936 2937/* 2938 * Analyze a configure request. Return true if it was agreeable, and 2939 * caused action sca, false if it has been rejected or nak'ed, and 2940 * caused action scn. (The return value is used to make the state 2941 * transition decision in the state automaton.) 2942 */ 2943static int 2944sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2945{ 2946 u_char *buf, *r, *p; 2947 struct ifnet *ifp = SP2IFP(sp); 2948 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2949 u_long hisaddr, desiredaddr; 2950 int gotmyaddr = 0; 2951 int desiredcomp; 2952 2953 len -= 4; 2954 origlen = len; 2955 /* 2956 * Make sure to allocate a buf that can at least hold a 2957 * conf-nak with an `address' option. We might need it below. 2958 */ 2959 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2960 if (! buf) 2961 return (0); 2962 2963 /* pass 1: see if we can recognize them */ 2964 if (debug) 2965 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2966 SPP_ARGS(ifp)); 2967 p = (void*) (h+1); 2968 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2969 len-=p[1], p+=p[1]) { 2970 if (debug) 2971 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2972 switch (*p) { 2973 case IPCP_OPT_COMPRESSION: 2974 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2975 /* VJ compression administratively disabled */ 2976 if (debug) 2977 log(-1, "[locally disabled] "); 2978 break; 2979 } 2980 /* 2981 * In theory, we should only conf-rej an 2982 * option that is shorter than RFC 1618 2983 * requires (i.e. < 4), and should conf-nak 2984 * anything else that is not VJ. However, 2985 * since our algorithm always uses the 2986 * original option to NAK it with new values, 2987 * things would become more complicated. In 2988 * pratice, the only commonly implemented IP 2989 * compression option is VJ anyway, so the 2990 * difference is negligible. 2991 */ 2992 if (len >= 6 && p[1] == 6) { 2993 /* 2994 * correctly formed compression option 2995 * that could be VJ compression 2996 */ 2997 continue; 2998 } 2999 if (debug) 3000 log(-1, 3001 "optlen %d [invalid/unsupported] ", 3002 p[1]); 3003 break; 3004 case IPCP_OPT_ADDRESS: 3005 if (len >= 6 && p[1] == 6) { 3006 /* correctly formed address option */ 3007 continue; 3008 } 3009 if (debug) 3010 log(-1, "[invalid] "); 3011 break; 3012 default: 3013 /* Others not supported. */ 3014 if (debug) 3015 log(-1, "[rej] "); 3016 break; 3017 } 3018 /* Add the option to rejected list. */ 3019 bcopy (p, r, p[1]); 3020 r += p[1]; 3021 rlen += p[1]; 3022 } 3023 if (rlen) { 3024 if (debug) 3025 log(-1, " send conf-rej\n"); 3026 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3027 return 0; 3028 } else if (debug) 3029 log(-1, "\n"); 3030 3031 /* pass 2: parse option values */ 3032 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3033 if (debug) 3034 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3035 SPP_ARGS(ifp)); 3036 p = (void*) (h+1); 3037 len = origlen; 3038 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3039 len-=p[1], p+=p[1]) { 3040 if (debug) 3041 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3042 switch (*p) { 3043 case IPCP_OPT_COMPRESSION: 3044 desiredcomp = p[2] << 8 | p[3]; 3045 /* We only support VJ */ 3046 if (desiredcomp == IPCP_COMP_VJ) { 3047 if (debug) 3048 log(-1, "VJ [ack] "); 3049 sp->ipcp.flags |= IPCP_VJ; 3050 sl_compress_init(sp->pp_comp, p[4]); 3051 sp->ipcp.max_state = p[4]; 3052 sp->ipcp.compress_cid = p[5]; 3053 continue; 3054 } 3055 if (debug) 3056 log(-1, 3057 "compproto %#04x [not supported] ", 3058 desiredcomp); 3059 p[2] = IPCP_COMP_VJ >> 8; 3060 p[3] = IPCP_COMP_VJ; 3061 p[4] = sp->ipcp.max_state; 3062 p[5] = sp->ipcp.compress_cid; 3063 break; 3064 case IPCP_OPT_ADDRESS: 3065 /* This is the address he wants in his end */ 3066 desiredaddr = p[2] << 24 | p[3] << 16 | 3067 p[4] << 8 | p[5]; 3068 if (desiredaddr == hisaddr || 3069 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3070 /* 3071 * Peer's address is same as our value, 3072 * or we have set it to 0.0.0.* to 3073 * indicate that we do not really care, 3074 * this is agreeable. Gonna conf-ack 3075 * it. 3076 */ 3077 if (debug) 3078 log(-1, "%s [ack] ", 3079 sppp_dotted_quad(hisaddr)); 3080 /* record that we've seen it already */ 3081 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3082 continue; 3083 } 3084 /* 3085 * The address wasn't agreeable. This is either 3086 * he sent us 0.0.0.0, asking to assign him an 3087 * address, or he send us another address not 3088 * matching our value. Either case, we gonna 3089 * conf-nak it with our value. 3090 * XXX: we should "rej" if hisaddr == 0 3091 */ 3092 if (debug) { 3093 if (desiredaddr == 0) 3094 log(-1, "[addr requested] "); 3095 else 3096 log(-1, "%s [not agreed] ", 3097 sppp_dotted_quad(desiredaddr)); 3098 3099 } 3100 p[2] = hisaddr >> 24; 3101 p[3] = hisaddr >> 16; 3102 p[4] = hisaddr >> 8; 3103 p[5] = hisaddr; 3104 break; 3105 } 3106 /* Add the option to nak'ed list. */ 3107 bcopy (p, r, p[1]); 3108 r += p[1]; 3109 rlen += p[1]; 3110 } 3111 3112 /* 3113 * If we are about to conf-ack the request, but haven't seen 3114 * his address so far, gonna conf-nak it instead, with the 3115 * `address' option present and our idea of his address being 3116 * filled in there, to request negotiation of both addresses. 3117 * 3118 * XXX This can result in an endless req - nak loop if peer 3119 * doesn't want to send us his address. Q: What should we do 3120 * about it? XXX A: implement the max-failure counter. 3121 */ 3122 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3123 buf[0] = IPCP_OPT_ADDRESS; 3124 buf[1] = 6; 3125 buf[2] = hisaddr >> 24; 3126 buf[3] = hisaddr >> 16; 3127 buf[4] = hisaddr >> 8; 3128 buf[5] = hisaddr; 3129 rlen = 6; 3130 if (debug) 3131 log(-1, "still need hisaddr "); 3132 } 3133 3134 if (rlen) { 3135 if (debug) 3136 log(-1, " send conf-nak\n"); 3137 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3138 } else { 3139 if (debug) 3140 log(-1, " send conf-ack\n"); 3141 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3142 h->ident, origlen, h+1); 3143 } 3144 3145 free (buf, M_TEMP); 3146 return (rlen == 0); 3147} 3148 3149/* 3150 * Analyze the IPCP Configure-Reject option list, and adjust our 3151 * negotiation. 3152 */ 3153static void 3154sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3155{ 3156 u_char *buf, *p; 3157 struct ifnet *ifp = SP2IFP(sp); 3158 int debug = ifp->if_flags & IFF_DEBUG; 3159 3160 len -= 4; 3161 buf = malloc (len, M_TEMP, M_NOWAIT); 3162 if (!buf) 3163 return; 3164 3165 if (debug) 3166 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3167 SPP_ARGS(ifp)); 3168 3169 p = (void*) (h+1); 3170 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3171 len -= p[1], p += p[1]) { 3172 if (debug) 3173 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3174 switch (*p) { 3175 case IPCP_OPT_COMPRESSION: 3176 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3177 break; 3178 case IPCP_OPT_ADDRESS: 3179 /* 3180 * Peer doesn't grok address option. This is 3181 * bad. XXX Should we better give up here? 3182 * XXX We could try old "addresses" option... 3183 */ 3184 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3185 break; 3186 } 3187 } 3188 if (debug) 3189 log(-1, "\n"); 3190 free (buf, M_TEMP); 3191 return; 3192} 3193 3194/* 3195 * Analyze the IPCP Configure-NAK option list, and adjust our 3196 * negotiation. 3197 */ 3198static void 3199sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3200{ 3201 u_char *buf, *p; 3202 struct ifnet *ifp = SP2IFP(sp); 3203 int debug = ifp->if_flags & IFF_DEBUG; 3204 int desiredcomp; 3205 u_long wantaddr; 3206 3207 len -= 4; 3208 buf = malloc (len, M_TEMP, M_NOWAIT); 3209 if (!buf) 3210 return; 3211 3212 if (debug) 3213 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3214 SPP_ARGS(ifp)); 3215 3216 p = (void*) (h+1); 3217 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3218 len -= p[1], p += p[1]) { 3219 if (debug) 3220 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3221 switch (*p) { 3222 case IPCP_OPT_COMPRESSION: 3223 if (len >= 6 && p[1] == 6) { 3224 desiredcomp = p[2] << 8 | p[3]; 3225 if (debug) 3226 log(-1, "[wantcomp %#04x] ", 3227 desiredcomp); 3228 if (desiredcomp == IPCP_COMP_VJ) { 3229 sl_compress_init(sp->pp_comp, p[4]); 3230 sp->ipcp.max_state = p[4]; 3231 sp->ipcp.compress_cid = p[5]; 3232 if (debug) 3233 log(-1, "[agree] "); 3234 } else 3235 sp->ipcp.opts &= 3236 ~(1 << IPCP_OPT_COMPRESSION); 3237 } 3238 break; 3239 case IPCP_OPT_ADDRESS: 3240 /* 3241 * Peer doesn't like our local IP address. See 3242 * if we can do something for him. We'll drop 3243 * him our address then. 3244 */ 3245 if (len >= 6 && p[1] == 6) { 3246 wantaddr = p[2] << 24 | p[3] << 16 | 3247 p[4] << 8 | p[5]; 3248 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3249 if (debug) 3250 log(-1, "[wantaddr %s] ", 3251 sppp_dotted_quad(wantaddr)); 3252 /* 3253 * When doing dynamic address assignment, 3254 * we accept his offer. Otherwise, we 3255 * ignore it and thus continue to negotiate 3256 * our already existing value. 3257 * XXX: Bogus, if he said no once, he'll 3258 * just say no again, might as well die. 3259 */ 3260 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3261 sppp_set_ip_addr(sp, wantaddr); 3262 if (debug) 3263 log(-1, "[agree] "); 3264 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3265 } 3266 } 3267 break; 3268 } 3269 } 3270 if (debug) 3271 log(-1, "\n"); 3272 free (buf, M_TEMP); 3273 return; 3274} 3275 3276static void 3277sppp_ipcp_tlu(struct sppp *sp) 3278{ 3279 /* we are up - notify isdn daemon */ 3280 if (sp->pp_con) 3281 sp->pp_con(sp); 3282} 3283 3284static void 3285sppp_ipcp_tld(struct sppp *sp) 3286{ 3287} 3288 3289static void 3290sppp_ipcp_tls(struct sppp *sp) 3291{ 3292 /* indicate to LCP that it must stay alive */ 3293 sp->lcp.protos |= (1 << IDX_IPCP); 3294} 3295 3296static void 3297sppp_ipcp_tlf(struct sppp *sp) 3298{ 3299 /* we no longer need LCP */ 3300 sp->lcp.protos &= ~(1 << IDX_IPCP); 3301 sppp_lcp_check_and_close(sp); 3302} 3303 3304static void 3305sppp_ipcp_scr(struct sppp *sp) 3306{ 3307 char opt[6 /* compression */ + 6 /* address */]; 3308 u_long ouraddr; 3309 int i = 0; 3310 3311 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3312 opt[i++] = IPCP_OPT_COMPRESSION; 3313 opt[i++] = 6; 3314 opt[i++] = IPCP_COMP_VJ >> 8; 3315 opt[i++] = IPCP_COMP_VJ; 3316 opt[i++] = sp->ipcp.max_state; 3317 opt[i++] = sp->ipcp.compress_cid; 3318 } 3319 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3320 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3321 opt[i++] = IPCP_OPT_ADDRESS; 3322 opt[i++] = 6; 3323 opt[i++] = ouraddr >> 24; 3324 opt[i++] = ouraddr >> 16; 3325 opt[i++] = ouraddr >> 8; 3326 opt[i++] = ouraddr; 3327 } 3328 3329 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3330 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3331} 3332#else /* !INET */ 3333static void 3334sppp_ipcp_init(struct sppp *sp) 3335{ 3336} 3337 3338static void 3339sppp_ipcp_up(struct sppp *sp) 3340{ 3341} 3342 3343static void 3344sppp_ipcp_down(struct sppp *sp) 3345{ 3346} 3347 3348static void 3349sppp_ipcp_open(struct sppp *sp) 3350{ 3351} 3352 3353static void 3354sppp_ipcp_close(struct sppp *sp) 3355{ 3356} 3357 3358static void 3359sppp_ipcp_TO(void *cookie) 3360{ 3361} 3362 3363static int 3364sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3365{ 3366 return (0); 3367} 3368 3369static void 3370sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3371{ 3372} 3373 3374static void 3375sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3376{ 3377} 3378 3379static void 3380sppp_ipcp_tlu(struct sppp *sp) 3381{ 3382} 3383 3384static void 3385sppp_ipcp_tld(struct sppp *sp) 3386{ 3387} 3388 3389static void 3390sppp_ipcp_tls(struct sppp *sp) 3391{ 3392} 3393 3394static void 3395sppp_ipcp_tlf(struct sppp *sp) 3396{ 3397} 3398 3399static void 3400sppp_ipcp_scr(struct sppp *sp) 3401{ 3402} 3403#endif 3404 3405/* 3406 *--------------------------------------------------------------------------* 3407 * * 3408 * The IPv6CP implementation. * 3409 * * 3410 *--------------------------------------------------------------------------* 3411 */ 3412 3413#ifdef INET6 3414static void 3415sppp_ipv6cp_init(struct sppp *sp) 3416{ 3417 sp->ipv6cp.opts = 0; 3418 sp->ipv6cp.flags = 0; 3419 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3420 sp->fail_counter[IDX_IPV6CP] = 0; 3421 sp->pp_seq[IDX_IPV6CP] = 0; 3422 sp->pp_rseq[IDX_IPV6CP] = 0; 3423 callout_init(&sp->ch[IDX_IPV6CP], CALLOUT_MPSAFE); 3424} 3425 3426static void 3427sppp_ipv6cp_up(struct sppp *sp) 3428{ 3429 sppp_up_event(&ipv6cp, sp); 3430} 3431 3432static void 3433sppp_ipv6cp_down(struct sppp *sp) 3434{ 3435 sppp_down_event(&ipv6cp, sp); 3436} 3437 3438static void 3439sppp_ipv6cp_open(struct sppp *sp) 3440{ 3441 STDDCL; 3442 struct in6_addr myaddr, hisaddr; 3443 3444#ifdef IPV6CP_MYIFID_DYN 3445 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3446#else 3447 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3448#endif 3449 3450 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3451 /* 3452 * If we don't have our address, this probably means our 3453 * interface doesn't want to talk IPv6 at all. (This could 3454 * be the case if somebody wants to speak only IPX, for 3455 * example.) Don't open IPv6CP in this case. 3456 */ 3457 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3458 /* XXX this message should go away */ 3459 if (debug) 3460 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3461 SPP_ARGS(ifp)); 3462 return; 3463 } 3464 3465 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3466 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3467 sppp_open_event(&ipv6cp, sp); 3468} 3469 3470static void 3471sppp_ipv6cp_close(struct sppp *sp) 3472{ 3473 sppp_close_event(&ipv6cp, sp); 3474} 3475 3476static void 3477sppp_ipv6cp_TO(void *cookie) 3478{ 3479 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3480} 3481 3482/* 3483 * Analyze a configure request. Return true if it was agreeable, and 3484 * caused action sca, false if it has been rejected or nak'ed, and 3485 * caused action scn. (The return value is used to make the state 3486 * transition decision in the state automaton.) 3487 */ 3488static int 3489sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3490{ 3491 u_char *buf, *r, *p; 3492 struct ifnet *ifp = SP2IFP(sp); 3493 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3494 struct in6_addr myaddr, desiredaddr, suggestaddr; 3495 int ifidcount; 3496 int type; 3497 int collision, nohisaddr; 3498 char ip6buf[INET6_ADDRSTRLEN]; 3499 3500 len -= 4; 3501 origlen = len; 3502 /* 3503 * Make sure to allocate a buf that can at least hold a 3504 * conf-nak with an `address' option. We might need it below. 3505 */ 3506 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3507 if (! buf) 3508 return (0); 3509 3510 /* pass 1: see if we can recognize them */ 3511 if (debug) 3512 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3513 SPP_ARGS(ifp)); 3514 p = (void*) (h+1); 3515 ifidcount = 0; 3516 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3517 len-=p[1], p+=p[1]) { 3518 if (debug) 3519 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3520 switch (*p) { 3521 case IPV6CP_OPT_IFID: 3522 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3523 /* correctly formed address option */ 3524 ifidcount++; 3525 continue; 3526 } 3527 if (debug) 3528 log(-1, " [invalid]"); 3529 break; 3530#ifdef notyet 3531 case IPV6CP_OPT_COMPRESSION: 3532 if (len >= 4 && p[1] >= 4) { 3533 /* correctly formed compress option */ 3534 continue; 3535 } 3536 if (debug) 3537 log(-1, " [invalid]"); 3538 break; 3539#endif 3540 default: 3541 /* Others not supported. */ 3542 if (debug) 3543 log(-1, " [rej]"); 3544 break; 3545 } 3546 /* Add the option to rejected list. */ 3547 bcopy (p, r, p[1]); 3548 r += p[1]; 3549 rlen += p[1]; 3550 } 3551 if (rlen) { 3552 if (debug) 3553 log(-1, " send conf-rej\n"); 3554 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3555 goto end; 3556 } else if (debug) 3557 log(-1, "\n"); 3558 3559 /* pass 2: parse option values */ 3560 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3561 if (debug) 3562 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3563 SPP_ARGS(ifp)); 3564 p = (void*) (h+1); 3565 len = origlen; 3566 type = CONF_ACK; 3567 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3568 len-=p[1], p+=p[1]) { 3569 if (debug) 3570 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3571 switch (*p) { 3572#ifdef notyet 3573 case IPV6CP_OPT_COMPRESSION: 3574 continue; 3575#endif 3576 case IPV6CP_OPT_IFID: 3577 bzero(&desiredaddr, sizeof(desiredaddr)); 3578 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3579 collision = (bcmp(&desiredaddr.s6_addr[8], 3580 &myaddr.s6_addr[8], 8) == 0); 3581 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3582 3583 desiredaddr.s6_addr16[0] = htons(0xfe80); 3584 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3585 3586 if (!collision && !nohisaddr) { 3587 /* no collision, hisaddr known - Conf-Ack */ 3588 type = CONF_ACK; 3589 3590 if (debug) { 3591 log(-1, " %s [%s]", 3592 ip6_sprintf(ip6buf, &desiredaddr), 3593 sppp_cp_type_name(type)); 3594 } 3595 continue; 3596 } 3597 3598 bzero(&suggestaddr, sizeof(suggestaddr)); 3599 if (collision && nohisaddr) { 3600 /* collision, hisaddr unknown - Conf-Rej */ 3601 type = CONF_REJ; 3602 bzero(&p[2], 8); 3603 } else { 3604 /* 3605 * - no collision, hisaddr unknown, or 3606 * - collision, hisaddr known 3607 * Conf-Nak, suggest hisaddr 3608 */ 3609 type = CONF_NAK; 3610 sppp_suggest_ip6_addr(sp, &suggestaddr); 3611 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3612 } 3613 if (debug) 3614 log(-1, " %s [%s]", 3615 ip6_sprintf(ip6buf, &desiredaddr), 3616 sppp_cp_type_name(type)); 3617 break; 3618 } 3619 /* Add the option to nak'ed list. */ 3620 bcopy (p, r, p[1]); 3621 r += p[1]; 3622 rlen += p[1]; 3623 } 3624 3625 if (rlen == 0 && type == CONF_ACK) { 3626 if (debug) 3627 log(-1, " send %s\n", sppp_cp_type_name(type)); 3628 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3629 } else { 3630#ifdef DIAGNOSTIC 3631 if (type == CONF_ACK) 3632 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3633#endif 3634 3635 if (debug) { 3636 log(-1, " send %s suggest %s\n", 3637 sppp_cp_type_name(type), 3638 ip6_sprintf(ip6buf, &suggestaddr)); 3639 } 3640 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3641 } 3642 3643 end: 3644 free (buf, M_TEMP); 3645 return (rlen == 0); 3646} 3647 3648/* 3649 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3650 * negotiation. 3651 */ 3652static void 3653sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3654{ 3655 u_char *buf, *p; 3656 struct ifnet *ifp = SP2IFP(sp); 3657 int debug = ifp->if_flags & IFF_DEBUG; 3658 3659 len -= 4; 3660 buf = malloc (len, M_TEMP, M_NOWAIT); 3661 if (!buf) 3662 return; 3663 3664 if (debug) 3665 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3666 SPP_ARGS(ifp)); 3667 3668 p = (void*) (h+1); 3669 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3670 len -= p[1], p += p[1]) { 3671 if (debug) 3672 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3673 switch (*p) { 3674 case IPV6CP_OPT_IFID: 3675 /* 3676 * Peer doesn't grok address option. This is 3677 * bad. XXX Should we better give up here? 3678 */ 3679 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3680 break; 3681#ifdef notyet 3682 case IPV6CP_OPT_COMPRESS: 3683 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3684 break; 3685#endif 3686 } 3687 } 3688 if (debug) 3689 log(-1, "\n"); 3690 free (buf, M_TEMP); 3691 return; 3692} 3693 3694/* 3695 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3696 * negotiation. 3697 */ 3698static void 3699sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3700{ 3701 u_char *buf, *p; 3702 struct ifnet *ifp = SP2IFP(sp); 3703 int debug = ifp->if_flags & IFF_DEBUG; 3704 struct in6_addr suggestaddr; 3705 char ip6buf[INET6_ADDRSTRLEN]; 3706 3707 len -= 4; 3708 buf = malloc (len, M_TEMP, M_NOWAIT); 3709 if (!buf) 3710 return; 3711 3712 if (debug) 3713 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3714 SPP_ARGS(ifp)); 3715 3716 p = (void*) (h+1); 3717 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3718 len -= p[1], p += p[1]) { 3719 if (debug) 3720 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3721 switch (*p) { 3722 case IPV6CP_OPT_IFID: 3723 /* 3724 * Peer doesn't like our local ifid. See 3725 * if we can do something for him. We'll drop 3726 * him our address then. 3727 */ 3728 if (len < 10 || p[1] != 10) 3729 break; 3730 bzero(&suggestaddr, sizeof(suggestaddr)); 3731 suggestaddr.s6_addr16[0] = htons(0xfe80); 3732 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3733 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3734 3735 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3736 if (debug) 3737 log(-1, " [suggestaddr %s]", 3738 ip6_sprintf(ip6buf, &suggestaddr)); 3739#ifdef IPV6CP_MYIFID_DYN 3740 /* 3741 * When doing dynamic address assignment, 3742 * we accept his offer. 3743 */ 3744 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3745 struct in6_addr lastsuggest; 3746 /* 3747 * If <suggested myaddr from peer> equals to 3748 * <hisaddr we have suggested last time>, 3749 * we have a collision. generate new random 3750 * ifid. 3751 */ 3752 sppp_suggest_ip6_addr(&lastsuggest); 3753 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3754 lastsuggest)) { 3755 if (debug) 3756 log(-1, " [random]"); 3757 sppp_gen_ip6_addr(sp, &suggestaddr); 3758 } 3759 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3760 if (debug) 3761 log(-1, " [agree]"); 3762 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3763 } 3764#else 3765 /* 3766 * Since we do not do dynamic address assignment, 3767 * we ignore it and thus continue to negotiate 3768 * our already existing value. This can possibly 3769 * go into infinite request-reject loop. 3770 * 3771 * This is not likely because we normally use 3772 * ifid based on MAC-address. 3773 * If you have no ethernet card on the node, too bad. 3774 * XXX should we use fail_counter? 3775 */ 3776#endif 3777 break; 3778#ifdef notyet 3779 case IPV6CP_OPT_COMPRESS: 3780 /* 3781 * Peer wants different compression parameters. 3782 */ 3783 break; 3784#endif 3785 } 3786 } 3787 if (debug) 3788 log(-1, "\n"); 3789 free (buf, M_TEMP); 3790 return; 3791} 3792static void 3793sppp_ipv6cp_tlu(struct sppp *sp) 3794{ 3795 /* we are up - notify isdn daemon */ 3796 if (sp->pp_con) 3797 sp->pp_con(sp); 3798} 3799 3800static void 3801sppp_ipv6cp_tld(struct sppp *sp) 3802{ 3803} 3804 3805static void 3806sppp_ipv6cp_tls(struct sppp *sp) 3807{ 3808 /* indicate to LCP that it must stay alive */ 3809 sp->lcp.protos |= (1 << IDX_IPV6CP); 3810} 3811 3812static void 3813sppp_ipv6cp_tlf(struct sppp *sp) 3814{ 3815 3816#if 0 /* need #if 0 to close IPv6CP properly */ 3817 /* we no longer need LCP */ 3818 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3819 sppp_lcp_check_and_close(sp); 3820#endif 3821} 3822 3823static void 3824sppp_ipv6cp_scr(struct sppp *sp) 3825{ 3826 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3827 struct in6_addr ouraddr; 3828 int i = 0; 3829 3830 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3831 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3832 opt[i++] = IPV6CP_OPT_IFID; 3833 opt[i++] = 10; 3834 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3835 i += 8; 3836 } 3837 3838#ifdef notyet 3839 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3840 opt[i++] = IPV6CP_OPT_COMPRESSION; 3841 opt[i++] = 4; 3842 opt[i++] = 0; /* TBD */ 3843 opt[i++] = 0; /* TBD */ 3844 /* variable length data may follow */ 3845 } 3846#endif 3847 3848 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3849 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3850} 3851#else /*INET6*/ 3852static void sppp_ipv6cp_init(struct sppp *sp) 3853{ 3854} 3855 3856static void sppp_ipv6cp_up(struct sppp *sp) 3857{ 3858} 3859 3860static void sppp_ipv6cp_down(struct sppp *sp) 3861{ 3862} 3863 3864 3865static void sppp_ipv6cp_open(struct sppp *sp) 3866{ 3867} 3868 3869static void sppp_ipv6cp_close(struct sppp *sp) 3870{ 3871} 3872 3873static void sppp_ipv6cp_TO(void *sp) 3874{ 3875} 3876 3877static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3878{ 3879 return 0; 3880} 3881 3882static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3883{ 3884} 3885 3886static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3887{ 3888} 3889 3890static void sppp_ipv6cp_tlu(struct sppp *sp) 3891{ 3892} 3893 3894static void sppp_ipv6cp_tld(struct sppp *sp) 3895{ 3896} 3897 3898static void sppp_ipv6cp_tls(struct sppp *sp) 3899{ 3900} 3901 3902static void sppp_ipv6cp_tlf(struct sppp *sp) 3903{ 3904} 3905 3906static void sppp_ipv6cp_scr(struct sppp *sp) 3907{ 3908} 3909#endif /*INET6*/ 3910 3911/* 3912 *--------------------------------------------------------------------------* 3913 * * 3914 * The CHAP implementation. * 3915 * * 3916 *--------------------------------------------------------------------------* 3917 */ 3918 3919/* 3920 * The authentication protocols don't employ a full-fledged state machine as 3921 * the control protocols do, since they do have Open and Close events, but 3922 * not Up and Down, nor are they explicitly terminated. Also, use of the 3923 * authentication protocols may be different in both directions (this makes 3924 * sense, think of a machine that never accepts incoming calls but only 3925 * calls out, it doesn't require the called party to authenticate itself). 3926 * 3927 * Our state machine for the local authentication protocol (we are requesting 3928 * the peer to authenticate) looks like: 3929 * 3930 * RCA- 3931 * +--------------------------------------------+ 3932 * V scn,tld| 3933 * +--------+ Close +---------+ RCA+ 3934 * | |<----------------------------------| |------+ 3935 * +--->| Closed | TO* | Opened | sca | 3936 * | | |-----+ +-------| |<-----+ 3937 * | +--------+ irc | | +---------+ 3938 * | ^ | | ^ 3939 * | | | | | 3940 * | | | | | 3941 * | TO-| | | | 3942 * | |tld TO+ V | | 3943 * | | +------->+ | | 3944 * | | | | | | 3945 * | +--------+ V | | 3946 * | | |<----+<--------------------+ | 3947 * | | Req- | scr | 3948 * | | Sent | | 3949 * | | | | 3950 * | +--------+ | 3951 * | RCA- | | RCA+ | 3952 * +------+ +------------------------------------------+ 3953 * scn,tld sca,irc,ict,tlu 3954 * 3955 * 3956 * with: 3957 * 3958 * Open: LCP reached authentication phase 3959 * Close: LCP reached terminate phase 3960 * 3961 * RCA+: received reply (pap-req, chap-response), acceptable 3962 * RCN: received reply (pap-req, chap-response), not acceptable 3963 * TO+: timeout with restart counter >= 0 3964 * TO-: timeout with restart counter < 0 3965 * TO*: reschedule timeout for CHAP 3966 * 3967 * scr: send request packet (none for PAP, chap-challenge) 3968 * sca: send ack packet (pap-ack, chap-success) 3969 * scn: send nak packet (pap-nak, chap-failure) 3970 * ict: initialize re-challenge timer (CHAP only) 3971 * 3972 * tlu: this-layer-up, LCP reaches network phase 3973 * tld: this-layer-down, LCP enters terminate phase 3974 * 3975 * Note that in CHAP mode, after sending a new challenge, while the state 3976 * automaton falls back into Req-Sent state, it doesn't signal a tld 3977 * event to LCP, so LCP remains in network phase. Only after not getting 3978 * any response (or after getting an unacceptable response), CHAP closes, 3979 * causing LCP to enter terminate phase. 3980 * 3981 * With PAP, there is no initial request that can be sent. The peer is 3982 * expected to send one based on the successful negotiation of PAP as 3983 * the authentication protocol during the LCP option negotiation. 3984 * 3985 * Incoming authentication protocol requests (remote requests 3986 * authentication, we are peer) don't employ a state machine at all, 3987 * they are simply answered. Some peers [Ascend P50 firmware rev 3988 * 4.50] react allergically when sending IPCP requests while they are 3989 * still in authentication phase (thereby violating the standard that 3990 * demands that these NCP packets are to be discarded), so we keep 3991 * track of the peer demanding us to authenticate, and only proceed to 3992 * phase network once we've seen a positive acknowledge for the 3993 * authentication. 3994 */ 3995 3996/* 3997 * Handle incoming CHAP packets. 3998 */ 3999static void 4000sppp_chap_input(struct sppp *sp, struct mbuf *m) 4001{ 4002 STDDCL; 4003 struct lcp_header *h; 4004 int len; 4005 u_char *value, *name, digest[AUTHKEYLEN], dsize; 4006 int value_len, name_len; 4007 MD5_CTX ctx; 4008 4009 len = m->m_pkthdr.len; 4010 if (len < 4) { 4011 if (debug) 4012 log(LOG_DEBUG, 4013 SPP_FMT "chap invalid packet length: %d bytes\n", 4014 SPP_ARGS(ifp), len); 4015 return; 4016 } 4017 h = mtod (m, struct lcp_header*); 4018 if (len > ntohs (h->len)) 4019 len = ntohs (h->len); 4020 4021 switch (h->type) { 4022 /* challenge, failure and success are his authproto */ 4023 case CHAP_CHALLENGE: 4024 value = 1 + (u_char*)(h+1); 4025 value_len = value[-1]; 4026 name = value + value_len; 4027 name_len = len - value_len - 5; 4028 if (name_len < 0) { 4029 if (debug) { 4030 log(LOG_DEBUG, 4031 SPP_FMT "chap corrupted challenge " 4032 "<%s id=0x%x len=%d", 4033 SPP_ARGS(ifp), 4034 sppp_auth_type_name(PPP_CHAP, h->type), 4035 h->ident, ntohs(h->len)); 4036 sppp_print_bytes((u_char*) (h+1), len-4); 4037 log(-1, ">\n"); 4038 } 4039 break; 4040 } 4041 4042 if (debug) { 4043 log(LOG_DEBUG, 4044 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4045 SPP_ARGS(ifp), 4046 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4047 ntohs(h->len)); 4048 sppp_print_string((char*) name, name_len); 4049 log(-1, " value-size=%d value=", value_len); 4050 sppp_print_bytes(value, value_len); 4051 log(-1, ">\n"); 4052 } 4053 4054 /* Compute reply value. */ 4055 MD5Init(&ctx); 4056 MD5Update(&ctx, &h->ident, 1); 4057 MD5Update(&ctx, sp->myauth.secret, 4058 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4059 MD5Update(&ctx, value, value_len); 4060 MD5Final(digest, &ctx); 4061 dsize = sizeof digest; 4062 4063 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4064 sizeof dsize, (const char *)&dsize, 4065 sizeof digest, digest, 4066 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4067 sp->myauth.name, 4068 0); 4069 break; 4070 4071 case CHAP_SUCCESS: 4072 if (debug) { 4073 log(LOG_DEBUG, SPP_FMT "chap success", 4074 SPP_ARGS(ifp)); 4075 if (len > 4) { 4076 log(-1, ": "); 4077 sppp_print_string((char*)(h + 1), len - 4); 4078 } 4079 log(-1, "\n"); 4080 } 4081 SPPP_LOCK(sp); 4082 sp->pp_flags &= ~PP_NEEDAUTH; 4083 if (sp->myauth.proto == PPP_CHAP && 4084 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4085 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4086 /* 4087 * We are authenticator for CHAP but didn't 4088 * complete yet. Leave it to tlu to proceed 4089 * to network phase. 4090 */ 4091 SPPP_UNLOCK(sp); 4092 break; 4093 } 4094 SPPP_UNLOCK(sp); 4095 sppp_phase_network(sp); 4096 break; 4097 4098 case CHAP_FAILURE: 4099 if (debug) { 4100 log(LOG_INFO, SPP_FMT "chap failure", 4101 SPP_ARGS(ifp)); 4102 if (len > 4) { 4103 log(-1, ": "); 4104 sppp_print_string((char*)(h + 1), len - 4); 4105 } 4106 log(-1, "\n"); 4107 } else 4108 log(LOG_INFO, SPP_FMT "chap failure\n", 4109 SPP_ARGS(ifp)); 4110 /* await LCP shutdown by authenticator */ 4111 break; 4112 4113 /* response is my authproto */ 4114 case CHAP_RESPONSE: 4115 value = 1 + (u_char*)(h+1); 4116 value_len = value[-1]; 4117 name = value + value_len; 4118 name_len = len - value_len - 5; 4119 if (name_len < 0) { 4120 if (debug) { 4121 log(LOG_DEBUG, 4122 SPP_FMT "chap corrupted response " 4123 "<%s id=0x%x len=%d", 4124 SPP_ARGS(ifp), 4125 sppp_auth_type_name(PPP_CHAP, h->type), 4126 h->ident, ntohs(h->len)); 4127 sppp_print_bytes((u_char*)(h+1), len-4); 4128 log(-1, ">\n"); 4129 } 4130 break; 4131 } 4132 if (h->ident != sp->confid[IDX_CHAP]) { 4133 if (debug) 4134 log(LOG_DEBUG, 4135 SPP_FMT "chap dropping response for old ID " 4136 "(got %d, expected %d)\n", 4137 SPP_ARGS(ifp), 4138 h->ident, sp->confid[IDX_CHAP]); 4139 break; 4140 } 4141 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4142 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4143 log(LOG_INFO, SPP_FMT "chap response, his name ", 4144 SPP_ARGS(ifp)); 4145 sppp_print_string(name, name_len); 4146 log(-1, " != expected "); 4147 sppp_print_string(sp->hisauth.name, 4148 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4149 log(-1, "\n"); 4150 } 4151 if (debug) { 4152 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4153 "<%s id=0x%x len=%d name=", 4154 SPP_ARGS(ifp), 4155 sppp_state_name(sp->state[IDX_CHAP]), 4156 sppp_auth_type_name(PPP_CHAP, h->type), 4157 h->ident, ntohs (h->len)); 4158 sppp_print_string((char*)name, name_len); 4159 log(-1, " value-size=%d value=", value_len); 4160 sppp_print_bytes(value, value_len); 4161 log(-1, ">\n"); 4162 } 4163 if (value_len != AUTHKEYLEN) { 4164 if (debug) 4165 log(LOG_DEBUG, 4166 SPP_FMT "chap bad hash value length: " 4167 "%d bytes, should be %d\n", 4168 SPP_ARGS(ifp), value_len, 4169 AUTHKEYLEN); 4170 break; 4171 } 4172 4173 MD5Init(&ctx); 4174 MD5Update(&ctx, &h->ident, 1); 4175 MD5Update(&ctx, sp->hisauth.secret, 4176 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4177 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4178 MD5Final(digest, &ctx); 4179 4180#define FAILMSG "Failed..." 4181#define SUCCMSG "Welcome!" 4182 4183 if (value_len != sizeof digest || 4184 bcmp(digest, value, value_len) != 0) { 4185 /* action scn, tld */ 4186 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4187 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4188 0); 4189 chap.tld(sp); 4190 break; 4191 } 4192 /* action sca, perhaps tlu */ 4193 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4194 sp->state[IDX_CHAP] == STATE_OPENED) 4195 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4196 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4197 0); 4198 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4199 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4200 chap.tlu(sp); 4201 } 4202 break; 4203 4204 default: 4205 /* Unknown CHAP packet type -- ignore. */ 4206 if (debug) { 4207 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4208 "<0x%x id=0x%xh len=%d", 4209 SPP_ARGS(ifp), 4210 sppp_state_name(sp->state[IDX_CHAP]), 4211 h->type, h->ident, ntohs(h->len)); 4212 sppp_print_bytes((u_char*)(h+1), len-4); 4213 log(-1, ">\n"); 4214 } 4215 break; 4216 4217 } 4218} 4219 4220static void 4221sppp_chap_init(struct sppp *sp) 4222{ 4223 /* Chap doesn't have STATE_INITIAL at all. */ 4224 sp->state[IDX_CHAP] = STATE_CLOSED; 4225 sp->fail_counter[IDX_CHAP] = 0; 4226 sp->pp_seq[IDX_CHAP] = 0; 4227 sp->pp_rseq[IDX_CHAP] = 0; 4228 callout_init(&sp->ch[IDX_CHAP], CALLOUT_MPSAFE); 4229} 4230 4231static void 4232sppp_chap_open(struct sppp *sp) 4233{ 4234 if (sp->myauth.proto == PPP_CHAP && 4235 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4236 /* we are authenticator for CHAP, start it */ 4237 chap.scr(sp); 4238 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4239 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4240 } 4241 /* nothing to be done if we are peer, await a challenge */ 4242} 4243 4244static void 4245sppp_chap_close(struct sppp *sp) 4246{ 4247 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4248 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4249} 4250 4251static void 4252sppp_chap_TO(void *cookie) 4253{ 4254 struct sppp *sp = (struct sppp *)cookie; 4255 STDDCL; 4256 4257 SPPP_LOCK(sp); 4258 if (debug) 4259 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4260 SPP_ARGS(ifp), 4261 sppp_state_name(sp->state[IDX_CHAP]), 4262 sp->rst_counter[IDX_CHAP]); 4263 4264 if (--sp->rst_counter[IDX_CHAP] < 0) 4265 /* TO- event */ 4266 switch (sp->state[IDX_CHAP]) { 4267 case STATE_REQ_SENT: 4268 chap.tld(sp); 4269 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4270 break; 4271 } 4272 else 4273 /* TO+ (or TO*) event */ 4274 switch (sp->state[IDX_CHAP]) { 4275 case STATE_OPENED: 4276 /* TO* event */ 4277 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4278 /* FALLTHROUGH */ 4279 case STATE_REQ_SENT: 4280 chap.scr(sp); 4281 /* sppp_cp_change_state() will restart the timer */ 4282 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4283 break; 4284 } 4285 4286 SPPP_UNLOCK(sp); 4287} 4288 4289static void 4290sppp_chap_tlu(struct sppp *sp) 4291{ 4292 STDDCL; 4293 int i; 4294 4295 i = 0; 4296 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4297 4298 /* 4299 * Some broken CHAP implementations (Conware CoNet, firmware 4300 * 4.0.?) don't want to re-authenticate their CHAP once the 4301 * initial challenge-response exchange has taken place. 4302 * Provide for an option to avoid rechallenges. 4303 */ 4304 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4305 /* 4306 * Compute the re-challenge timeout. This will yield 4307 * a number between 300 and 810 seconds. 4308 */ 4309 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4310 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4311 } 4312 4313 if (debug) { 4314 log(LOG_DEBUG, 4315 SPP_FMT "chap %s, ", 4316 SPP_ARGS(ifp), 4317 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4318 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4319 log(-1, "next re-challenge in %d seconds\n", i); 4320 else 4321 log(-1, "re-challenging supressed\n"); 4322 } 4323 4324 SPPP_LOCK(sp); 4325 /* indicate to LCP that we need to be closed down */ 4326 sp->lcp.protos |= (1 << IDX_CHAP); 4327 4328 if (sp->pp_flags & PP_NEEDAUTH) { 4329 /* 4330 * Remote is authenticator, but his auth proto didn't 4331 * complete yet. Defer the transition to network 4332 * phase. 4333 */ 4334 SPPP_UNLOCK(sp); 4335 return; 4336 } 4337 SPPP_UNLOCK(sp); 4338 4339 /* 4340 * If we are already in phase network, we are done here. This 4341 * is the case if this is a dummy tlu event after a re-challenge. 4342 */ 4343 if (sp->pp_phase != PHASE_NETWORK) 4344 sppp_phase_network(sp); 4345} 4346 4347static void 4348sppp_chap_tld(struct sppp *sp) 4349{ 4350 STDDCL; 4351 4352 if (debug) 4353 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4354 callout_stop(&sp->ch[IDX_CHAP]); 4355 sp->lcp.protos &= ~(1 << IDX_CHAP); 4356 4357 lcp.Close(sp); 4358} 4359 4360static void 4361sppp_chap_scr(struct sppp *sp) 4362{ 4363 u_long *ch, seed; 4364 u_char clen; 4365 4366 /* Compute random challenge. */ 4367 ch = (u_long *)sp->myauth.challenge; 4368 read_random(&seed, sizeof seed); 4369 ch[0] = seed ^ random(); 4370 ch[1] = seed ^ random(); 4371 ch[2] = seed ^ random(); 4372 ch[3] = seed ^ random(); 4373 clen = AUTHKEYLEN; 4374 4375 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4376 4377 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4378 sizeof clen, (const char *)&clen, 4379 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4380 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4381 sp->myauth.name, 4382 0); 4383} 4384 4385/* 4386 *--------------------------------------------------------------------------* 4387 * * 4388 * The PAP implementation. * 4389 * * 4390 *--------------------------------------------------------------------------* 4391 */ 4392/* 4393 * For PAP, we need to keep a little state also if we are the peer, not the 4394 * authenticator. This is since we don't get a request to authenticate, but 4395 * have to repeatedly authenticate ourself until we got a response (or the 4396 * retry counter is expired). 4397 */ 4398 4399/* 4400 * Handle incoming PAP packets. */ 4401static void 4402sppp_pap_input(struct sppp *sp, struct mbuf *m) 4403{ 4404 STDDCL; 4405 struct lcp_header *h; 4406 int len; 4407 u_char *name, *passwd, mlen; 4408 int name_len, passwd_len; 4409 4410 len = m->m_pkthdr.len; 4411 if (len < 5) { 4412 if (debug) 4413 log(LOG_DEBUG, 4414 SPP_FMT "pap invalid packet length: %d bytes\n", 4415 SPP_ARGS(ifp), len); 4416 return; 4417 } 4418 h = mtod (m, struct lcp_header*); 4419 if (len > ntohs (h->len)) 4420 len = ntohs (h->len); 4421 switch (h->type) { 4422 /* PAP request is my authproto */ 4423 case PAP_REQ: 4424 name = 1 + (u_char*)(h+1); 4425 name_len = name[-1]; 4426 passwd = name + name_len + 1; 4427 if (name_len > len - 6 || 4428 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4429 if (debug) { 4430 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4431 "<%s id=0x%x len=%d", 4432 SPP_ARGS(ifp), 4433 sppp_auth_type_name(PPP_PAP, h->type), 4434 h->ident, ntohs(h->len)); 4435 sppp_print_bytes((u_char*)(h+1), len-4); 4436 log(-1, ">\n"); 4437 } 4438 break; 4439 } 4440 if (debug) { 4441 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4442 "<%s id=0x%x len=%d name=", 4443 SPP_ARGS(ifp), 4444 sppp_state_name(sp->state[IDX_PAP]), 4445 sppp_auth_type_name(PPP_PAP, h->type), 4446 h->ident, ntohs(h->len)); 4447 sppp_print_string((char*)name, name_len); 4448 log(-1, " passwd="); 4449 sppp_print_string((char*)passwd, passwd_len); 4450 log(-1, ">\n"); 4451 } 4452 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4453 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4454 bcmp(name, sp->hisauth.name, name_len) != 0 || 4455 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4456 /* action scn, tld */ 4457 mlen = sizeof(FAILMSG) - 1; 4458 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4459 sizeof mlen, (const char *)&mlen, 4460 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4461 0); 4462 pap.tld(sp); 4463 break; 4464 } 4465 /* action sca, perhaps tlu */ 4466 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4467 sp->state[IDX_PAP] == STATE_OPENED) { 4468 mlen = sizeof(SUCCMSG) - 1; 4469 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4470 sizeof mlen, (const char *)&mlen, 4471 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4472 0); 4473 } 4474 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4475 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4476 pap.tlu(sp); 4477 } 4478 break; 4479 4480 /* ack and nak are his authproto */ 4481 case PAP_ACK: 4482 callout_stop(&sp->pap_my_to_ch); 4483 if (debug) { 4484 log(LOG_DEBUG, SPP_FMT "pap success", 4485 SPP_ARGS(ifp)); 4486 name_len = *((char *)h); 4487 if (len > 5 && name_len) { 4488 log(-1, ": "); 4489 sppp_print_string((char*)(h+1), name_len); 4490 } 4491 log(-1, "\n"); 4492 } 4493 SPPP_LOCK(sp); 4494 sp->pp_flags &= ~PP_NEEDAUTH; 4495 if (sp->myauth.proto == PPP_PAP && 4496 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4497 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4498 /* 4499 * We are authenticator for PAP but didn't 4500 * complete yet. Leave it to tlu to proceed 4501 * to network phase. 4502 */ 4503 SPPP_UNLOCK(sp); 4504 break; 4505 } 4506 SPPP_UNLOCK(sp); 4507 sppp_phase_network(sp); 4508 break; 4509 4510 case PAP_NAK: 4511 callout_stop (&sp->pap_my_to_ch); 4512 if (debug) { 4513 log(LOG_INFO, SPP_FMT "pap failure", 4514 SPP_ARGS(ifp)); 4515 name_len = *((char *)h); 4516 if (len > 5 && name_len) { 4517 log(-1, ": "); 4518 sppp_print_string((char*)(h+1), name_len); 4519 } 4520 log(-1, "\n"); 4521 } else 4522 log(LOG_INFO, SPP_FMT "pap failure\n", 4523 SPP_ARGS(ifp)); 4524 /* await LCP shutdown by authenticator */ 4525 break; 4526 4527 default: 4528 /* Unknown PAP packet type -- ignore. */ 4529 if (debug) { 4530 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4531 "<0x%x id=0x%x len=%d", 4532 SPP_ARGS(ifp), 4533 h->type, h->ident, ntohs(h->len)); 4534 sppp_print_bytes((u_char*)(h+1), len-4); 4535 log(-1, ">\n"); 4536 } 4537 break; 4538 4539 } 4540} 4541 4542static void 4543sppp_pap_init(struct sppp *sp) 4544{ 4545 /* PAP doesn't have STATE_INITIAL at all. */ 4546 sp->state[IDX_PAP] = STATE_CLOSED; 4547 sp->fail_counter[IDX_PAP] = 0; 4548 sp->pp_seq[IDX_PAP] = 0; 4549 sp->pp_rseq[IDX_PAP] = 0; 4550 callout_init(&sp->ch[IDX_PAP], CALLOUT_MPSAFE); 4551 callout_init(&sp->pap_my_to_ch, CALLOUT_MPSAFE); 4552} 4553 4554static void 4555sppp_pap_open(struct sppp *sp) 4556{ 4557 if (sp->hisauth.proto == PPP_PAP && 4558 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4559 /* we are authenticator for PAP, start our timer */ 4560 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4561 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4562 } 4563 if (sp->myauth.proto == PPP_PAP) { 4564 /* we are peer, send a request, and start a timer */ 4565 pap.scr(sp); 4566 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4567 sppp_pap_my_TO, (void *)sp); 4568 } 4569} 4570 4571static void 4572sppp_pap_close(struct sppp *sp) 4573{ 4574 if (sp->state[IDX_PAP] != STATE_CLOSED) 4575 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4576} 4577 4578/* 4579 * That's the timeout routine if we are authenticator. Since the 4580 * authenticator is basically passive in PAP, we can't do much here. 4581 */ 4582static void 4583sppp_pap_TO(void *cookie) 4584{ 4585 struct sppp *sp = (struct sppp *)cookie; 4586 STDDCL; 4587 4588 SPPP_LOCK(sp); 4589 if (debug) 4590 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4591 SPP_ARGS(ifp), 4592 sppp_state_name(sp->state[IDX_PAP]), 4593 sp->rst_counter[IDX_PAP]); 4594 4595 if (--sp->rst_counter[IDX_PAP] < 0) 4596 /* TO- event */ 4597 switch (sp->state[IDX_PAP]) { 4598 case STATE_REQ_SENT: 4599 pap.tld(sp); 4600 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4601 break; 4602 } 4603 else 4604 /* TO+ event, not very much we could do */ 4605 switch (sp->state[IDX_PAP]) { 4606 case STATE_REQ_SENT: 4607 /* sppp_cp_change_state() will restart the timer */ 4608 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4609 break; 4610 } 4611 4612 SPPP_UNLOCK(sp); 4613} 4614 4615/* 4616 * That's the timeout handler if we are peer. Since the peer is active, 4617 * we need to retransmit our PAP request since it is apparently lost. 4618 * XXX We should impose a max counter. 4619 */ 4620static void 4621sppp_pap_my_TO(void *cookie) 4622{ 4623 struct sppp *sp = (struct sppp *)cookie; 4624 STDDCL; 4625 4626 if (debug) 4627 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4628 SPP_ARGS(ifp)); 4629 4630 SPPP_LOCK(sp); 4631 pap.scr(sp); 4632 SPPP_UNLOCK(sp); 4633} 4634 4635static void 4636sppp_pap_tlu(struct sppp *sp) 4637{ 4638 STDDCL; 4639 4640 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4641 4642 if (debug) 4643 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4644 SPP_ARGS(ifp), pap.name); 4645 4646 SPPP_LOCK(sp); 4647 /* indicate to LCP that we need to be closed down */ 4648 sp->lcp.protos |= (1 << IDX_PAP); 4649 4650 if (sp->pp_flags & PP_NEEDAUTH) { 4651 /* 4652 * Remote is authenticator, but his auth proto didn't 4653 * complete yet. Defer the transition to network 4654 * phase. 4655 */ 4656 SPPP_UNLOCK(sp); 4657 return; 4658 } 4659 SPPP_UNLOCK(sp); 4660 sppp_phase_network(sp); 4661} 4662 4663static void 4664sppp_pap_tld(struct sppp *sp) 4665{ 4666 STDDCL; 4667 4668 if (debug) 4669 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4670 callout_stop (&sp->ch[IDX_PAP]); 4671 callout_stop (&sp->pap_my_to_ch); 4672 sp->lcp.protos &= ~(1 << IDX_PAP); 4673 4674 lcp.Close(sp); 4675} 4676 4677static void 4678sppp_pap_scr(struct sppp *sp) 4679{ 4680 u_char idlen, pwdlen; 4681 4682 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4683 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4684 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4685 4686 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4687 sizeof idlen, (const char *)&idlen, 4688 (size_t)idlen, sp->myauth.name, 4689 sizeof pwdlen, (const char *)&pwdlen, 4690 (size_t)pwdlen, sp->myauth.secret, 4691 0); 4692} 4693 4694/* 4695 * Random miscellaneous functions. 4696 */ 4697 4698/* 4699 * Send a PAP or CHAP proto packet. 4700 * 4701 * Varadic function, each of the elements for the ellipsis is of type 4702 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4703 * mlen == 0. 4704 * NOTE: never declare variadic functions with types subject to type 4705 * promotion (i.e. u_char). This is asking for big trouble depending 4706 * on the architecture you are on... 4707 */ 4708 4709static void 4710sppp_auth_send(const struct cp *cp, struct sppp *sp, 4711 unsigned int type, unsigned int id, 4712 ...) 4713{ 4714 STDDCL; 4715 struct ppp_header *h; 4716 struct lcp_header *lh; 4717 struct mbuf *m; 4718 u_char *p; 4719 int len; 4720 unsigned int mlen; 4721 const char *msg; 4722 va_list ap; 4723 4724 MGETHDR (m, M_NOWAIT, MT_DATA); 4725 if (! m) 4726 return; 4727 m->m_pkthdr.rcvif = 0; 4728 4729 h = mtod (m, struct ppp_header*); 4730 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4731 h->control = PPP_UI; /* Unnumbered Info */ 4732 h->protocol = htons(cp->proto); 4733 4734 lh = (struct lcp_header*)(h + 1); 4735 lh->type = type; 4736 lh->ident = id; 4737 p = (u_char*) (lh+1); 4738 4739 va_start(ap, id); 4740 len = 0; 4741 4742 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4743 msg = va_arg(ap, const char *); 4744 len += mlen; 4745 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4746 va_end(ap); 4747 m_freem(m); 4748 return; 4749 } 4750 4751 bcopy(msg, p, mlen); 4752 p += mlen; 4753 } 4754 va_end(ap); 4755 4756 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4757 lh->len = htons (LCP_HEADER_LEN + len); 4758 4759 if (debug) { 4760 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4761 SPP_ARGS(ifp), cp->name, 4762 sppp_auth_type_name(cp->proto, lh->type), 4763 lh->ident, ntohs(lh->len)); 4764 sppp_print_bytes((u_char*) (lh+1), len); 4765 log(-1, ">\n"); 4766 } 4767 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4768 ifp->if_oerrors++; 4769} 4770 4771/* 4772 * Flush interface queue. 4773 */ 4774static void 4775sppp_qflush(struct ifqueue *ifq) 4776{ 4777 struct mbuf *m, *n; 4778 4779 n = ifq->ifq_head; 4780 while ((m = n)) { 4781 n = m->m_nextpkt; 4782 m_freem (m); 4783 } 4784 ifq->ifq_head = 0; 4785 ifq->ifq_tail = 0; 4786 ifq->ifq_len = 0; 4787} 4788 4789/* 4790 * Send keepalive packets, every 10 seconds. 4791 */ 4792static void 4793sppp_keepalive(void *dummy) 4794{ 4795 struct sppp *sp = (struct sppp*)dummy; 4796 struct ifnet *ifp = SP2IFP(sp); 4797 4798 SPPP_LOCK(sp); 4799 /* Keepalive mode disabled or channel down? */ 4800 if (! (sp->pp_flags & PP_KEEPALIVE) || 4801 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4802 goto out; 4803 4804 if (sp->pp_mode == PP_FR) { 4805 sppp_fr_keepalive (sp); 4806 goto out; 4807 } 4808 4809 /* No keepalive in PPP mode if LCP not opened yet. */ 4810 if (sp->pp_mode != IFF_CISCO && 4811 sp->pp_phase < PHASE_AUTHENTICATE) 4812 goto out; 4813 4814 if (sp->pp_alivecnt == MAXALIVECNT) { 4815 /* No keepalive packets got. Stop the interface. */ 4816 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4817 if_down (ifp); 4818 sppp_qflush (&sp->pp_cpq); 4819 if (sp->pp_mode != IFF_CISCO) { 4820 /* XXX */ 4821 /* Shut down the PPP link. */ 4822 lcp.Down(sp); 4823 /* Initiate negotiation. XXX */ 4824 lcp.Up(sp); 4825 } 4826 } 4827 if (sp->pp_alivecnt <= MAXALIVECNT) 4828 ++sp->pp_alivecnt; 4829 if (sp->pp_mode == IFF_CISCO) 4830 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4831 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4832 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4833 long nmagic = htonl (sp->lcp.magic); 4834 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4835 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4836 sp->lcp.echoid, 4, &nmagic); 4837 } 4838out: 4839 SPPP_UNLOCK(sp); 4840 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4841 (void *)sp); 4842} 4843 4844/* 4845 * Get both IP addresses. 4846 */ 4847void 4848sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4849{ 4850 struct ifnet *ifp = SP2IFP(sp); 4851 struct ifaddr *ifa; 4852 struct sockaddr_in *si, *sm; 4853 u_long ssrc, ddst; 4854 4855 sm = NULL; 4856 ssrc = ddst = 0L; 4857 /* 4858 * Pick the first AF_INET address from the list, 4859 * aliases don't make any sense on a p2p link anyway. 4860 */ 4861 si = 0; 4862 if_addr_rlock(ifp); 4863 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4864 if (ifa->ifa_addr->sa_family == AF_INET) { 4865 si = (struct sockaddr_in *)ifa->ifa_addr; 4866 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4867 if (si) 4868 break; 4869 } 4870 if (ifa) { 4871 if (si && si->sin_addr.s_addr) { 4872 ssrc = si->sin_addr.s_addr; 4873 if (srcmask) 4874 *srcmask = ntohl(sm->sin_addr.s_addr); 4875 } 4876 4877 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4878 if (si && si->sin_addr.s_addr) 4879 ddst = si->sin_addr.s_addr; 4880 } 4881 if_addr_runlock(ifp); 4882 4883 if (dst) *dst = ntohl(ddst); 4884 if (src) *src = ntohl(ssrc); 4885} 4886 4887#ifdef INET 4888/* 4889 * Set my IP address. 4890 */ 4891static void 4892sppp_set_ip_addr(struct sppp *sp, u_long src) 4893{ 4894 STDDCL; 4895 struct ifaddr *ifa; 4896 struct sockaddr_in *si; 4897 struct in_ifaddr *ia; 4898 4899 /* 4900 * Pick the first AF_INET address from the list, 4901 * aliases don't make any sense on a p2p link anyway. 4902 */ 4903 si = 0; 4904 if_addr_rlock(ifp); 4905 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 4906 if (ifa->ifa_addr->sa_family == AF_INET) { 4907 si = (struct sockaddr_in *)ifa->ifa_addr; 4908 if (si != NULL) { 4909 ifa_ref(ifa); 4910 break; 4911 } 4912 } 4913 } 4914 if_addr_runlock(ifp); 4915 4916 if (ifa != NULL) { 4917 int error; 4918 4919 /* delete old route */ 4920 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4921 if (debug && error) { 4922 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4923 SPP_ARGS(ifp), error); 4924 } 4925 4926 /* set new address */ 4927 si->sin_addr.s_addr = htonl(src); 4928 ia = ifatoia(ifa); 4929 IN_IFADDR_WLOCK(); 4930 LIST_REMOVE(ia, ia_hash); 4931 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4932 IN_IFADDR_WUNLOCK(); 4933 4934 /* add new route */ 4935 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4936 if (debug && error) { 4937 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4938 SPP_ARGS(ifp), error); 4939 } 4940 ifa_free(ifa); 4941 } 4942} 4943#endif 4944 4945#ifdef INET6 4946/* 4947 * Get both IPv6 addresses. 4948 */ 4949static void 4950sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4951 struct in6_addr *srcmask) 4952{ 4953 struct ifnet *ifp = SP2IFP(sp); 4954 struct ifaddr *ifa; 4955 struct sockaddr_in6 *si, *sm; 4956 struct in6_addr ssrc, ddst; 4957 4958 sm = NULL; 4959 bzero(&ssrc, sizeof(ssrc)); 4960 bzero(&ddst, sizeof(ddst)); 4961 /* 4962 * Pick the first link-local AF_INET6 address from the list, 4963 * aliases don't make any sense on a p2p link anyway. 4964 */ 4965 si = NULL; 4966 if_addr_rlock(ifp); 4967 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4968 if (ifa->ifa_addr->sa_family == AF_INET6) { 4969 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4970 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4971 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4972 break; 4973 } 4974 if (ifa) { 4975 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4976 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4977 if (srcmask) { 4978 bcopy(&sm->sin6_addr, srcmask, 4979 sizeof(*srcmask)); 4980 } 4981 } 4982 4983 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4984 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4985 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4986 } 4987 4988 if (dst) 4989 bcopy(&ddst, dst, sizeof(*dst)); 4990 if (src) 4991 bcopy(&ssrc, src, sizeof(*src)); 4992 if_addr_runlock(ifp); 4993} 4994 4995#ifdef IPV6CP_MYIFID_DYN 4996/* 4997 * Generate random ifid. 4998 */ 4999static void 5000sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5001{ 5002 /* TBD */ 5003} 5004 5005/* 5006 * Set my IPv6 address. 5007 */ 5008static void 5009sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5010{ 5011 STDDCL; 5012 struct ifaddr *ifa; 5013 struct sockaddr_in6 *sin6; 5014 5015 /* 5016 * Pick the first link-local AF_INET6 address from the list, 5017 * aliases don't make any sense on a p2p link anyway. 5018 */ 5019 5020 sin6 = NULL; 5021 if_addr_rlock(ifp); 5022 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 5023 if (ifa->ifa_addr->sa_family == AF_INET6) { 5024 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5025 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5026 ifa_ref(ifa); 5027 break; 5028 } 5029 } 5030 } 5031 if_addr_runlock(ifp); 5032 5033 if (ifa != NULL) { 5034 int error; 5035 struct sockaddr_in6 new_sin6 = *sin6; 5036 5037 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5038 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5039 if (debug && error) { 5040 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5041 " failed, error=%d\n", SPP_ARGS(ifp), error); 5042 } 5043 ifa_free(ifa); 5044 } 5045} 5046#endif 5047 5048/* 5049 * Suggest a candidate address to be used by peer. 5050 */ 5051static void 5052sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5053{ 5054 struct in6_addr myaddr; 5055 struct timeval tv; 5056 5057 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5058 5059 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5060 microtime(&tv); 5061 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5062 myaddr.s6_addr[14] ^= 0xff; 5063 myaddr.s6_addr[15] ^= 0xff; 5064 } else { 5065 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5066 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5067 } 5068 if (suggest) 5069 bcopy(&myaddr, suggest, sizeof(myaddr)); 5070} 5071#endif /*INET6*/ 5072 5073static int 5074sppp_params(struct sppp *sp, u_long cmd, void *data) 5075{ 5076 u_long subcmd; 5077 struct ifreq *ifr = (struct ifreq *)data; 5078 struct spppreq *spr; 5079 int rv = 0; 5080 5081 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5082 return (EAGAIN); 5083 /* 5084 * ifr->ifr_data is supposed to point to a struct spppreq. 5085 * Check the cmd word first before attempting to fetch all the 5086 * data. 5087 */ 5088 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5089 rv = EFAULT; 5090 goto quit; 5091 } 5092 5093 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5094 rv = EFAULT; 5095 goto quit; 5096 } 5097 5098 switch (subcmd) { 5099 case (u_long)SPPPIOGDEFS: 5100 if (cmd != SIOCGIFGENERIC) { 5101 rv = EINVAL; 5102 break; 5103 } 5104 /* 5105 * We copy over the entire current state, but clean 5106 * out some of the stuff we don't wanna pass up. 5107 * Remember, SIOCGIFGENERIC is unprotected, and can be 5108 * called by any user. No need to ever get PAP or 5109 * CHAP secrets back to userland anyway. 5110 */ 5111 spr->defs.pp_phase = sp->pp_phase; 5112 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5113 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5114 spr->defs.lcp = sp->lcp; 5115 spr->defs.ipcp = sp->ipcp; 5116 spr->defs.ipv6cp = sp->ipv6cp; 5117 spr->defs.myauth = sp->myauth; 5118 spr->defs.hisauth = sp->hisauth; 5119 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5120 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5121 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5122 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5123 /* 5124 * Fixup the LCP timeout value to milliseconds so 5125 * spppcontrol doesn't need to bother about the value 5126 * of "hz". We do the reverse calculation below when 5127 * setting it. 5128 */ 5129 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5130 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5131 sizeof(struct spppreq)); 5132 break; 5133 5134 case (u_long)SPPPIOSDEFS: 5135 if (cmd != SIOCSIFGENERIC) { 5136 rv = EINVAL; 5137 break; 5138 } 5139 /* 5140 * We have a very specific idea of which fields we 5141 * allow being passed back from userland, so to not 5142 * clobber our current state. For one, we only allow 5143 * setting anything if LCP is in dead or establish 5144 * phase. Once the authentication negotiations 5145 * started, the authentication settings must not be 5146 * changed again. (The administrator can force an 5147 * ifconfig down in order to get LCP back into dead 5148 * phase.) 5149 * 5150 * Also, we only allow for authentication parameters to be 5151 * specified. 5152 * 5153 * XXX Should allow to set or clear pp_flags. 5154 * 5155 * Finally, if the respective authentication protocol to 5156 * be used is set differently than 0, but the secret is 5157 * passed as all zeros, we don't trash the existing secret. 5158 * This allows an administrator to change the system name 5159 * only without clobbering the secret (which he didn't get 5160 * back in a previous SPPPIOGDEFS call). However, the 5161 * secrets are cleared if the authentication protocol is 5162 * reset to 0. */ 5163 if (sp->pp_phase != PHASE_DEAD && 5164 sp->pp_phase != PHASE_ESTABLISH) { 5165 rv = EBUSY; 5166 break; 5167 } 5168 5169 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5170 spr->defs.myauth.proto != PPP_CHAP) || 5171 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5172 spr->defs.hisauth.proto != PPP_CHAP)) { 5173 rv = EINVAL; 5174 break; 5175 } 5176 5177 if (spr->defs.myauth.proto == 0) 5178 /* resetting myauth */ 5179 bzero(&sp->myauth, sizeof sp->myauth); 5180 else { 5181 /* setting/changing myauth */ 5182 sp->myauth.proto = spr->defs.myauth.proto; 5183 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5184 if (spr->defs.myauth.secret[0] != '\0') 5185 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5186 AUTHKEYLEN); 5187 } 5188 if (spr->defs.hisauth.proto == 0) 5189 /* resetting hisauth */ 5190 bzero(&sp->hisauth, sizeof sp->hisauth); 5191 else { 5192 /* setting/changing hisauth */ 5193 sp->hisauth.proto = spr->defs.hisauth.proto; 5194 sp->hisauth.flags = spr->defs.hisauth.flags; 5195 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5196 if (spr->defs.hisauth.secret[0] != '\0') 5197 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5198 AUTHKEYLEN); 5199 } 5200 /* set LCP restart timer timeout */ 5201 if (spr->defs.lcp.timeout != 0) 5202 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5203 /* set VJ enable and IPv6 disable flags */ 5204#ifdef INET 5205 if (spr->defs.enable_vj) 5206 sp->confflags |= CONF_ENABLE_VJ; 5207 else 5208 sp->confflags &= ~CONF_ENABLE_VJ; 5209#endif 5210#ifdef INET6 5211 if (spr->defs.enable_ipv6) 5212 sp->confflags |= CONF_ENABLE_IPV6; 5213 else 5214 sp->confflags &= ~CONF_ENABLE_IPV6; 5215#endif 5216 break; 5217 5218 default: 5219 rv = EINVAL; 5220 } 5221 5222 quit: 5223 free(spr, M_TEMP); 5224 5225 return (rv); 5226} 5227 5228static void 5229sppp_phase_network(struct sppp *sp) 5230{ 5231 STDDCL; 5232 int i; 5233 u_long mask; 5234 5235 sp->pp_phase = PHASE_NETWORK; 5236 5237 if (debug) 5238 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5239 sppp_phase_name(sp->pp_phase)); 5240 5241 /* Notify NCPs now. */ 5242 for (i = 0; i < IDX_COUNT; i++) 5243 if ((cps[i])->flags & CP_NCP) 5244 (cps[i])->Open(sp); 5245 5246 /* Send Up events to all NCPs. */ 5247 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5248 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5249 (cps[i])->Up(sp); 5250 5251 /* if no NCP is starting, all this was in vain, close down */ 5252 sppp_lcp_check_and_close(sp); 5253} 5254 5255 5256static const char * 5257sppp_cp_type_name(u_char type) 5258{ 5259 static char buf[12]; 5260 switch (type) { 5261 case CONF_REQ: return "conf-req"; 5262 case CONF_ACK: return "conf-ack"; 5263 case CONF_NAK: return "conf-nak"; 5264 case CONF_REJ: return "conf-rej"; 5265 case TERM_REQ: return "term-req"; 5266 case TERM_ACK: return "term-ack"; 5267 case CODE_REJ: return "code-rej"; 5268 case PROTO_REJ: return "proto-rej"; 5269 case ECHO_REQ: return "echo-req"; 5270 case ECHO_REPLY: return "echo-reply"; 5271 case DISC_REQ: return "discard-req"; 5272 } 5273 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5274 return buf; 5275} 5276 5277static const char * 5278sppp_auth_type_name(u_short proto, u_char type) 5279{ 5280 static char buf[12]; 5281 switch (proto) { 5282 case PPP_CHAP: 5283 switch (type) { 5284 case CHAP_CHALLENGE: return "challenge"; 5285 case CHAP_RESPONSE: return "response"; 5286 case CHAP_SUCCESS: return "success"; 5287 case CHAP_FAILURE: return "failure"; 5288 } 5289 case PPP_PAP: 5290 switch (type) { 5291 case PAP_REQ: return "req"; 5292 case PAP_ACK: return "ack"; 5293 case PAP_NAK: return "nak"; 5294 } 5295 } 5296 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5297 return buf; 5298} 5299 5300static const char * 5301sppp_lcp_opt_name(u_char opt) 5302{ 5303 static char buf[12]; 5304 switch (opt) { 5305 case LCP_OPT_MRU: return "mru"; 5306 case LCP_OPT_ASYNC_MAP: return "async-map"; 5307 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5308 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5309 case LCP_OPT_MAGIC: return "magic"; 5310 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5311 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5312 } 5313 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5314 return buf; 5315} 5316 5317#ifdef INET 5318static const char * 5319sppp_ipcp_opt_name(u_char opt) 5320{ 5321 static char buf[12]; 5322 switch (opt) { 5323 case IPCP_OPT_ADDRESSES: return "addresses"; 5324 case IPCP_OPT_COMPRESSION: return "compression"; 5325 case IPCP_OPT_ADDRESS: return "address"; 5326 } 5327 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5328 return buf; 5329} 5330#endif 5331 5332#ifdef INET6 5333static const char * 5334sppp_ipv6cp_opt_name(u_char opt) 5335{ 5336 static char buf[12]; 5337 switch (opt) { 5338 case IPV6CP_OPT_IFID: return "ifid"; 5339 case IPV6CP_OPT_COMPRESSION: return "compression"; 5340 } 5341 sprintf (buf, "0x%x", opt); 5342 return buf; 5343} 5344#endif 5345 5346static const char * 5347sppp_state_name(int state) 5348{ 5349 switch (state) { 5350 case STATE_INITIAL: return "initial"; 5351 case STATE_STARTING: return "starting"; 5352 case STATE_CLOSED: return "closed"; 5353 case STATE_STOPPED: return "stopped"; 5354 case STATE_CLOSING: return "closing"; 5355 case STATE_STOPPING: return "stopping"; 5356 case STATE_REQ_SENT: return "req-sent"; 5357 case STATE_ACK_RCVD: return "ack-rcvd"; 5358 case STATE_ACK_SENT: return "ack-sent"; 5359 case STATE_OPENED: return "opened"; 5360 } 5361 return "illegal"; 5362} 5363 5364static const char * 5365sppp_phase_name(enum ppp_phase phase) 5366{ 5367 switch (phase) { 5368 case PHASE_DEAD: return "dead"; 5369 case PHASE_ESTABLISH: return "establish"; 5370 case PHASE_TERMINATE: return "terminate"; 5371 case PHASE_AUTHENTICATE: return "authenticate"; 5372 case PHASE_NETWORK: return "network"; 5373 } 5374 return "illegal"; 5375} 5376 5377static const char * 5378sppp_proto_name(u_short proto) 5379{ 5380 static char buf[12]; 5381 switch (proto) { 5382 case PPP_LCP: return "lcp"; 5383 case PPP_IPCP: return "ipcp"; 5384 case PPP_PAP: return "pap"; 5385 case PPP_CHAP: return "chap"; 5386 case PPP_IPV6CP: return "ipv6cp"; 5387 } 5388 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5389 return buf; 5390} 5391 5392static void 5393sppp_print_bytes(const u_char *p, u_short len) 5394{ 5395 if (len) 5396 log(-1, " %*D", len, p, "-"); 5397} 5398 5399static void 5400sppp_print_string(const char *p, u_short len) 5401{ 5402 u_char c; 5403 5404 while (len-- > 0) { 5405 c = *p++; 5406 /* 5407 * Print only ASCII chars directly. RFC 1994 recommends 5408 * using only them, but we don't rely on it. */ 5409 if (c < ' ' || c > '~') 5410 log(-1, "\\x%x", c); 5411 else 5412 log(-1, "%c", c); 5413 } 5414} 5415 5416#ifdef INET 5417static const char * 5418sppp_dotted_quad(u_long addr) 5419{ 5420 static char s[16]; 5421 sprintf(s, "%d.%d.%d.%d", 5422 (int)((addr >> 24) & 0xff), 5423 (int)((addr >> 16) & 0xff), 5424 (int)((addr >> 8) & 0xff), 5425 (int)(addr & 0xff)); 5426 return s; 5427} 5428#endif 5429 5430static int 5431sppp_strnlen(u_char *p, int max) 5432{ 5433 int len; 5434 5435 for (len = 0; len < max && *p; ++p) 5436 ++len; 5437 return len; 5438} 5439 5440/* a dummy, used to drop uninteresting events */ 5441static void 5442sppp_null(struct sppp *unused) 5443{ 5444 /* do just nothing */ 5445} 5446